https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696644#M1093821 <P>you can for BGP&nbsp;<BR />only allow BGP neighbor in OUT ACL&nbsp;<BR />for OSPF I think you need to config neighbor command&nbsp; and then allow neighbor in ACL&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/6500-bgp-pix.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/6500-bgp-pix.html</A></P><P>&nbsp;</P> Fri, 30 Sep 2022 09:52:50 GMT MHM Cisco World 2022-09-30T09:52:50Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696558#M1093803 <P>Can Firepower identify traffics for routing protocol such as BGP and OSPF? I want to bypass BGP and OSPF traffics to boost my firepower performance. Thank you.</P> Fri, 30 Sep 2022 06:25:17 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696558#M1093803 raymondluis13 2022-09-30T06:25:17Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696609#M1093809 <P>If you want your traffic to bypass snort, create Prefilter Policy, add Rules to it with Fastpath Action and link Prefilter Policy to Access Control Policy.</P> Fri, 30 Sep 2022 08:27:10 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696609#M1093809 tvotna 2022-09-30T08:27:10Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696611#M1093810 <P>Not sure I fully understand the question, if you don't enable OSPF/BGP on the firewall it won't use them at all and won't consume any resources for them.</P> Fri, 30 Sep 2022 08:27:51 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696611#M1093810 Aref Alsouqi 2022-09-30T08:27:51Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696644#M1093821 <P>you can for BGP&nbsp;<BR />only allow BGP neighbor in OUT ACL&nbsp;<BR />for OSPF I think you need to config neighbor command&nbsp; and then allow neighbor in ACL&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/6500-bgp-pix.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/6500-bgp-pix.html</A></P><P>&nbsp;</P> Fri, 30 Sep 2022 09:52:50 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4696644#M1093821 MHM Cisco World 2022-09-30T09:52:50Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698049#M1093931 <P class="">Hello sir, so im using a transparent mode firepower. According to the documentation, i can just fast track all routing protocol without inspecting them using access control rules. But when i am trying to configure the policy to fast track routing protocol, i dont see any group or option to select OSPF or BGP. I want to ask how can i fast track all routing protocol traffics. Thank you. Here the documentation.</P><P class=""><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html</A></P><P class="">For features that are not directly supported on the transparent firewall, you can allow traffic to pass through so that upstream and downstream routers can support the functionality. For example, by using an access rule, you can allow DHCP traffic (instead of the unsupported DHCP relay feature) or multicast traffic such as that created by IP/TV. You can also establish routing protocol adjacencies through a transparent firewall; you can allow OSPF, RIP, EIGRP, or BGP traffic through based on an access rule. Likewise, protocols like HSRP or VRRP can pass through the<SPAN>&nbsp;</SPAN><SPAN class="">FTD device</SPAN>.</P> Tue, 04 Oct 2022 10:10:11 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698049#M1093931 raymondluis13 2022-10-04T10:10:11Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698286#M1093955 <P>Use Prefilter Policy with port and protocol conditions in rules:</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/rule_management_common_characteristics.html#id_16274" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/rule_management_common_characteristics.html#id_16274</A></P><P>BGP is TCP/179 and OSPF is protocol #89.</P> Tue, 04 Oct 2022 19:10:05 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698286#M1093955 tvotna 2022-10-04T19:10:05Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698422#M1093956 <P>Hi, thanks for the response. I want to ask, if i fast track all traffics for TCP port 179. Can attackers attack my network using that same port and protocol? Thank you</P> Wed, 05 Oct 2022 01:27:20 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698422#M1093956 raymondluis13 2022-10-05T01:27:20Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698425#M1093957 <P>hello thanks for the response. Its seems like the solution is to manually config the router and the firepower. i want to ask, is there a way to set policy in firepower only since i managing more than 1000 routers. I cant manually config all of them. and my firepower also set to transparent mode, so my firepower only got routing traffics from other routers. I want to fast track that in pre filter policy or access control policy. Is there a way to do that? Thank you</P> Wed, 05 Oct 2022 01:33:55 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698425#M1093957 raymondluis13 2022-10-05T01:33:55Z https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698426#M1093958 <P>hi, thanks for the response. I want to bypass routing traffics with prefilter and access control policy. But the problem is i dont know how to select only these routing traffic without bypassing other traffics as well. Is there a way to only select these routing traffics only?</P> Wed, 05 Oct 2022 01:36:37 GMT https://community.cisco.com/t5/network-security/how-can-i-bypass-routing-protocol-traffic-bgp-ospf-in-firepower/m-p/4698426#M1093958 raymondluis13 2022-10-05T01:36:37Z