SEC0164 - ASA FirePower Network Discovery (Host and Application) (Part 1)

The video introduces you to the concept of Network Discovery on Cisco ASA FirePower, which is an essential component of building an intelligent security system. We will primarily focus on host and application discovery and will explain the differences between passive and active discovery. We will also look at how the discovered information is stored in a host profile and its significance.
 
Part 1 of this video goes through Discovery Policy configuration, Custom Topology and Policy Settings.
 
Topic:
  • Network Discovery with Host and Application
  • Network Object
  • Discovery Policy and Rules
  • Custom Topology
  • Passive Discovery and Host Profile
  • Active Discovery with NMAP Scan

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

2 comments

Metha, first of all congratulations and thank you for making such a brilliant resource like Lab Minutes available!

Question:
So when you talk about access control rules for Firepower, does this mean we are actually configuring all the Firewall ACL rules all over again? Because the FP module is in-line now and for it to inspect all the traffic, we need to do that right?

Please correct me if I am wrong. If I am correct, is there an easier way to export rules from the FW and import them in the FMC?

With ASA FP, there is always a question of what to configure on the ASA ACL and what to configure on the FP Access Control Policy. While it is sometimes possible to configure at either place, we do recommend configuring basic deny/allow using the ASA ACL to cut down what gets sent to FP, and only using FP to perform application-level inspection. So if you already have an ASA, you wouldn't really need to change the ASA ACL to add the FP module. To our knowledge, there is no tool to convert ASA ACL to FP policy today.