https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990918#M934909 Yes you use AMP4E to get that information you require. You can also integrate with ISE in order to quarantine the device in infected. Thu, 28 Nov 2019 21:00:00 GMT Rob Ingram 2019-11-28T21:00:00Z https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990891#M934905 <P>Hello!</P><P>&nbsp;</P><P><STRONG>Network file trajectory:&nbsp;</STRONG></P><P><SPAN>"Cisco maps how&nbsp;<STRONG>hosts transfer files, including malware files, across your network</STRONG>. It can see if a file transfer was blocked or the file was quarantined. This provides a means to scope, provide outbreak controls, and identify patient zero." -&nbsp;<A href="https://www.cisco.com/c/m/en_us/products/security/firewalls/competitive-comparison.html#~competitive=0" target="_blank" rel="nofollow noopener noreferrer">https://www.cisco.com/c/m/en_us/products/security/firewalls/competitive-comparison.html#~competitive=0</A></SPAN></P><P>&nbsp;</P><P>What products do customers need to offer to implement the "<STRONG>Network file trajectory</STRONG>" features?</P><P>&nbsp;</P><P>If<SPAN>&nbsp;</SPAN><SPAN>we don't put Firepower&nbsp; into the east-west path of the traffic than we can not see&nbsp;<STRONG>file trajectory&nbsp;</STRONG><STRONG>across customer network without additional&nbsp;products&nbsp;such as, for example, AMP for Endpoint ?!</STRONG></SPAN></P><P>&nbsp;</P><P>So, in design (case 1 in attach)&nbsp;<SPAN><STRONG>without&nbsp; AMP for Endpoint do I not see&nbsp;file trajectory between host B and C ?</STRONG></SPAN></P><P>Or do I need<SPAN>&nbsp;</SPAN><STRONG>additional Firepower between&nbsp;host B and C</STRONG><SPAN>&nbsp;</SPAN>(case 2 in attach) or&nbsp;<STRONG>AMP for Endpoint on both hosts ?</STRONG></P><P>&nbsp;</P><P><STRONG>Could you correct me if I am wrong?</STRONG></P> Fri, 21 Feb 2020 17:44:04 GMT https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990891#M934905 cadet 2020-02-21T17:44:04Z https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990906#M934907 <P>Hi,</P> <P>It probably wouldn't be feasible or scalable to put a Firepower appliance in between host B and C in order to filter intra VLAN traffic. You should implement AMP for Endpoints.</P> <P>&nbsp;</P> <P>HTH</P> Thu, 28 Nov 2019 20:09:36 GMT https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990906#M934907 Rob Ingram 2019-11-28T20:09:36Z https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990914#M934908 <P>Definitely <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>So, does AMP for Endpoint is mandatory element&nbsp;in file trajectory functionality?</P> Thu, 28 Nov 2019 20:49:57 GMT https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990914#M934908 cadet 2019-11-28T20:49:57Z https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990918#M934909 Yes you use AMP4E to get that information you require. You can also integrate with ISE in order to quarantine the device in infected. Thu, 28 Nov 2019 21:00:00 GMT https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990918#M934909 Rob Ingram 2019-11-28T21:00:00Z https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990927#M934910 <P>does Firepower can&nbsp;<SPAN>&nbsp;to quarantine the device if infected without ISE ?</SPAN></P> Thu, 28 Nov 2019 21:18:13 GMT https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990927#M934910 cadet 2019-11-28T21:18:13Z https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990928#M934911 You need ISE to quarantine. When quarantined ISE would send a DACL down to the switchport an infected device is connected to, which would restrict lateral movement within the VLAN for that device. Thus preventing the spread of malware/virus etc to other devices on the network. Thu, 28 Nov 2019 21:27:56 GMT https://community.cisco.com/t5/network-security/firepower-file-trajectory/m-p/3990928#M934911 Rob Ingram 2019-11-28T21:27:56Z