CW7 Beginner

Best Practice for VPN traffic Policies

Hi,

New to the world of Firepower and FMC. I have a Firepower 2100 appliance between my main router and core network switch. I have an IPsec site-to-site VPN back to HQ that terminates on my main router. In my Firepower Access Policy I have rules that catch all the VPN traffic according to source and destination networks. The action for this traffic is simply Allow, with no further inspection enabled. I am thinking that is not best practice. I run Microsoft Active Directory, so there is a lot of file server access, domain controller access, etc., going over the VPN.

What would be the best practices for the IPS policy and the File and Malware policy for this VPN traffic? Should I just use the same policies I use for Internet traffic (i.e. use all Firepower IPS recommendations and block all identified malware and files)? Not sure if any special exceptions need to be made, especially since I have Active Directory running. How do you handle this type of VPN traffic on your networks?

Accepted Solution
Hall of Fame Guru

Re: Best Practice for VPN traffic Policies

If the traffic is decrypted prior to passing through the Firepower device (as I understand it to be given your explanation) then you should apply all of the standard inspections to it.

At the very least associate IPS and File policies (with Firepower Recommendations for your IPS policy) to the ACP rule(s) that allow the traffic. You can create a recurring job that periodically updates the Firepower Recommendations under the scheduling widget.

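One way to check that advice holds across a policy is to audit every enabled Allow rule for a missing IPS or file policy. The script below is an added example, not code from this thread or from Cisco; it runs offline on a constructed sample shaped like the access-rule objects the FMC REST API returns (the field names `action`, `enabled`, `ipsPolicy` and `filePolicy` are assumed to match that schema, so confirm them against your FMC version).

```python
"""Audit FMC access-control rules for ALLOW actions that carry no IPS or file policy.

Added example, not from the original thread. Works offline on a constructed
sample shaped like FMC REST API access-rule objects; the field names used
here (action, enabled, ipsPolicy, filePolicy) are assumed, not verified
against a specific FMC release.
"""
import json

# Constructed sample: a reduced form of what
# GET .../accesspolicies/{id}/accessrules?expanded=true might return.
SAMPLE_RULES_JSON = """
{"items": [
  {"name": "VPN-to-HQ", "action": "ALLOW", "enabled": true,
   "sourceNetworks": {"objects": [{"name": "Branch-LAN"}]},
   "destinationNetworks": {"objects": [{"name": "HQ-LAN"}]}},
  {"name": "Internet-Out", "action": "ALLOW", "enabled": true,
   "ipsPolicy": {"name": "Balanced Security and Connectivity"},
   "filePolicy": {"name": "Block-Malware"}},
  {"name": "Block-Bogons", "action": "BLOCK", "enabled": true},
  {"name": "Old-Rule", "action": "ALLOW", "enabled": false}
]}
"""


def find_uninspected_allow_rules(rules):
    """Return (rule_name, missing) for enabled ALLOW rules lacking inspection.

    `missing` lists which of 'ipsPolicy' / 'filePolicy' is absent. Only ALLOW
    rules can carry inspection policies, so BLOCK and TRUST rules are skipped;
    disabled rules are skipped because they pass no traffic.
    """
    findings = []
    for rule in rules:
        if rule.get("action") != "ALLOW" or not rule.get("enabled", True):
            continue
        missing = [k for k in ("ipsPolicy", "filePolicy") if not rule.get(k)]
        if missing:
            findings.append((rule["name"], missing))
    return findings


def audit(rules_json):
    """Parse an API-style JSON document and audit its 'items' list."""
    return find_uninspected_allow_rules(json.loads(rules_json)["items"])


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_RULES_JSON):
        print(f"{name}: allows traffic without {', '.join(missing)}")
```

On the sample it flags only the VPN rule, which is exactly the case described in the question: an Allow rule with no IPS or file policy attached.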

CW7 Beginner

Re: Best Practice for VPN traffic Policies

OK, did as you suggested with no issues so far. Thanks.