topic Do I understand correctly in Network Security

Testing the device in production.

n.avramenko87 — Tue, 12 Mar 2019 13:03:47 GMT

Hello friends! I need your help again. How can I tested sensor in production? When I apply any of politic or settings to fire power I have a break in the network work.And it bothers me!It is not good tested in production.

What I have:

1.Internet -- ASA -- FIREPOWER - (Switch - - - MY LAN------)

I see it as a working version of my lan.

2.Can I use for testing this scheme:

Internet -- ASA - - (Switch - FIREPOWER - Switch - MY LAN------) Will it work?

Thank you!

Hi,

ankojha — Tue, 05 Jul 2016 11:30:37 GMT

Hi,

Yes, the second scenario is supposed to work fine.

If you are using firepower module running on ASA,then you can try putting the module in monitor-only and monitor the traffic which is coming to the same.

If you have sensor, then you can enable inline set for interfaces and make sure first they are up

and then you can direct traffic, if in case you encounter the problem enable bypass for the interface so that traffic is bypassed through the sensor.

Note: make sure that interface settings such as duplex speed match the inline sets on the sensor

and on the sensor set it to auto negotiate.

Please mark and rate helpful posts.

Thanks,

Ankita

I use only Sensor.

n.avramenko87 — Tue, 05 Jul 2016 12:30:33 GMT

I use only Sensor.

Thank you for your answer. At first i need to use sensos for discovering network.And 2 scheme will be work! I try it to testing!

But in production i think it is only firsh scheme can works.

Do I understand correctly

n.avramenko87 — Tue, 05 Jul 2016 13:00:30 GMT

Do I understand correctly that if i use sensor as passive i can discovering my network?

Hello Team,

Jetsy Mathew — Tue, 05 Jul 2016 14:40:33 GMT

Hello Team,

Either you can set your ASA firepower in monitor only or inline mode.

When its in inline mode, it will inspect the traffic that is redirects from ASA to Firepower and Firepower will take the actions based on the policies that you mentioned.

If you dont need then you can just keep the Firepower in monitor only mode so that it will send just the copy of traffic to Firepower and it wont perform any inspection.

It would be good if you refer the following deployment scenario guides to understand more about how to setup and also refer the second link for initial installation and traffic redirection after installation.

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html (this is applicable for Firepower setup also )

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

Rate and mark correct , if the post helps you

Regards

Jetsy

OK! Thank you! I have one

n.avramenko87 — Wed, 06 Jul 2016 07:02:19 GMT

OK! Thank you! I have 2 questions!

1.One man said me that if we want to use FirePower we need router :

Internet -- Router -- FirePower -- ASA -- LAN

In my lan ASA used as a router too.Can I used FirePower without Router:

Internet -- ASA -- FirePower -- LAN

2. I try to configure sensor. I want to see all information about my lan (host computers ports applications)

- I configured access control policy - network discovery only

- system find only hosts in my lan

I read manuals and if I understand correctly that for "application seen" I need to configure Active Scanning?

And I see that firesigh has application detectors, how can I use it? Сould there be best practice for using sensor?

Hello! And still would like

n.avramenko87 — Tue, 12 Jul 2016 08:16:18 GMT

Hello! And still would like to clarify information. I have the same lan that on the scheme. Will it work with FirePower? Thank you!