topic AA 5506 as a IDS in Network Security

AA 5506 as a IDS

Travis Marzo — Tue, 12 Mar 2019 12:47:47 GMT

I have a spare 5506w that I am looking to use as an IDS sensor in my environment. We already own a SourceFire license for this box. What I'm looking to do is configure a SPAN port on my 5ks, have the 5506 monitor traffic and report back to my defense center. SPAN port is already configured and sending traffic. ASA is not capturing the traffic. Is there a way to configure the ports on the ASA to be promiscuous?

Hi, I think the command

Aastha Bhardwaj — Fri, 23 Oct 2015 18:51:49 GMT

Hi,

I think the command "traffic-forward sfr monitor-only" will help.

Refer the link : http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t2.html#pgfId-1614309

Regards,

Aastha

Rate if that helps!!!

In additions to the command

Marvin Rhoads — Sat, 24 Oct 2015 13:21:57 GMT

In additions to the command Aastha mentioned, the ASA has to be in transparent mode for that command to be available. The default mode is routed.

Remember - switching modes will erase the current configuration on the ASA! So make sure you have a backup if the current configuration is important to you.

I've never worked with a

Travis Marzo — Tue, 27 Oct 2015 17:51:49 GMT

I've never worked with a transparent firewall before. How am I to manage it remotely? I was able to assign an IP address to the management port but unable to ping. I am sitting on the same subnet. I haven't been able to find any articles to point me in the right direction....

Thank you for all the help so far.

Hi, You can go through doc :

Aastha Bhardwaj — Tue, 27 Oct 2015 18:07:41 GMT

Hi,

You can go through doc : http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/97853-Transparent-firewall.html

Regards,

Aastha Bhardwaj

Rate if it helps!!!