Showing results for 
Search instead for 
Did you mean: 

AMP for Endpoint CWS Exceptions


Recently Cisco/SourceFire released a bulletin about a cloud migration for our SourceFire AMP clients and that we would need to update some policies to ensure our clients can talk to Cisco's cloud servers. I deployed the updated policy to one of our test groups and noticed that my FireAMP client could not reach out to the internet so it was displaying a "Disconnected Status". On a hunch, I disabled my CWS client service and my FireAMP client was able to connect and displayed a "Connected Status".

I found in our SourceFire management console that there are some firewall settings provided for this new cloud migration, that includes a number of IP's needed to communicate over 443. They even offer a copy feature or option to download the files to a text file so you can easily update your firewall with these new IP's.

My issue is that there is no easy way to import these into our CWS profile so that we can exempt these IP's from being sent through the cloud proxy. I had to copy and paste each one of these one at a time, which took quite a while. I think, that since these are both Cisco products, they should work together and we should not have to enter these IP's manually. This process just seems very inefficient as far as managing this solution. It's very hard to update these exceptions in the profile editor.

I'm wondering if there's a way that the developers of these products could integrate these exceptions or at least make it easier to copy and paste the whole list into the profile editor? I could see me having to do this if I were using another vendor's product with CWS, but seeing as these are both SourceFire products, it just seems like these two solutions would work together out of the box.

Below is a list of all of the IP's I had to enter one at a time just so you can see how much I'm talking about. If it were just 10 or so, that wouldn't be so bad, but these is a lot to keep up with. I did open TAC case SR-638860975 to see if they had any suggestions and they advised me that the only way to add these IP's into my CWS Profile editor was do it one at a time like I explained earlier.




0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers