
Cisco AMP for Networks without AMP for endpoints

patelvc7601
Level 1

Hi 

I have a hard time finding information regarding this.

What kind of protection is provided by only Cisco AMP for Networks if we do not have Cisco AMP for Endpoints?

How will it track file trajectory without AMP for Endpoints?

Is there any document that differentiates the services provided by the different components (AMP for ESA, AMP for WSA/CWS, etc.)?

Sincerely

Viral Patel

3 Replies

yogdhanu
Cisco Employee

Hi

So essentially AMP for Networks would scan traffic only when it passes through the Firepower, so it's based on the network. AMP for Endpoints stays on the endpoint and communicates with the cloud for protection of its host.

You would find more information about trajectory in the Firepower config guide.

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01011110.html

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/at-a-glance-c45-731875.pdf

I am not aware of any doc with a direct comparison of AMP with Firepower, ESA and WSA, but this link might give a little more detail.

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/at-a-glance-c45-731876.pdf

Rate if it helps.

Yogesh

Hi all,

Do I have to register a Management with cloud AMP? I have Malware licenses. From the logs on the matter I see this error:

 SF-IMS[28387]: [28659] SFDataCorrelator:imcloudpool [WARN] Can't register: Can't send data
 stunnel: LOG3[19700:140682608998144]: CONNECT request rejected...

Can someone help me?

Thanks

Hi

For network AMP with Firepower, you don't have to manually register. Once you have a malware license, all should be good.

If your FMC is behind a proxy server or the traffic is subject to SSL decryption, please bypass that and it should work.

Allow connections from the FMC to the outside without any change. You can also bypass connections to cloud-dc.amp.sourcefire.com.

Rate if it helps.

Yogesh