Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2375
Views
0
Helpful
6
Replies

can any one help me the reason behind why my FMC is connecting to sourcefire website every 30 minutes

srikanthjonnalagadda46124
Level 1
Level 1

‎09-11-2019 01:41 AM - edited ‎02-21-2020 09:29 AM

i have observer every 30mints time frame FMC is connecting to  "intelligence.sourcefire.com" web site its showing as outbound connection and uploading the data. how do we stop or disable this activity in FMC.

0 Helpful
6 Replies 6

harmesh88
Level 1
Level 1

‎09-11-2019 02:15 AM

Actually ,


FMC Need Internet Server access to update service database find below URL for reference .

you will get info that which URL need for which reason.

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/213260-firepower-connections-to-internet-server.html

 

  • intelligence.sourcefire.com   --->                            
    • Cisco Talos (only reached if using the Security Intelligence feature)

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-11-2019 05:39 AM

If you want to disable the periodic Security Intelligence feed (which greatly reduces the effectiveness of your Firepower security appliances) you do it under Objects > Object Management > Security Intelligence (as shown below).

 

FMC SI Feed.PNG

0 Helpful

srikanthjonnalagadda46124
Level 1
Level 1
In response to Marvin Rhoads

‎09-11-2019 07:14 AM

Thank you Marvin Rhoads.

sorry to bothering on this I have few more doubts.

1.when the selected feed is updating every 30 mints, the feeds are downloading from the website(Security Intelligence) its inbound connection right ? or it push the old feeds to website(Security Intelligence) and then update the feeds?

2. in my case it is showing the out bound connection like from FMC to website(Security Intelligence).

3. where can we see the what data it is uploading to website(Security Intelligence)?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to srikanthjonnalagadda46124

‎09-11-2019 09:00 AM

FMC initiates the communications and the new feeds are downloaded from Cisco at the site name you mentioned earlier. It is not uploading your data. You can see the downloaded feeds in the FMC server under /var/sf/iprep_download

Reference this thread:

https://community.cisco.com/t5/firepower/how-to-view-the-security-intelligence-feeds/td-p/3074033

0 Helpful

sulemanshah29358
Level 1
Level 1
In response to Marvin Rhoads

‎04-09-2021 07:26 AM - edited ‎04-10-2021 02:10 AM

@Marvin Rhoads wrote:

If you want to disable the periodic Security Intelligence feed (which greatly reduces the effectiveness of your Firepower security appliances) you do it under Objects > Object Management > Security Intelligence (as shown below).

 

 

Do you recommend disabling it? I was looking for information online if it will be beneficial or not because I don't want to reduce the effectiveness of security appliance 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-09-2021 07:30 AM

I most definitely DO NOT recommend disabling it. As I noted earlier, that "greatly reduces the effectiveness of your Firepower security appliances"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card