cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
160
Views
0
Helpful
4
Replies

can any one help me the reason behind why my FMC is connecting to sourcefire website every 30 minutes

i have observer every 30mints time frame FMC is connecting to  "intelligence.sourcefire.com" web site its showing as outbound connection and uploading the data. how do we stop or disable this activity in FMC.

4 REPLIES 4
Beginner

Re: can any one help me the reason behind why my FMC is connecting to sourcefire website every 30 minutes

Actually ,


FMC Need Internet Server access to update service database find below URL for reference .

you will get info that which URL need for which reason.

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/213260-firepower-connections-to-internet-server.html

 

  • intelligence.sourcefire.com   --->                            
    • Cisco Talos (only reached if using the Security Intelligence feature)

 

Highlighted
Hall of Fame Master

Re: can any one help me the reason behind why my FMC is connecting to sourcefire website every 30 minutes

If you want to disable the periodic Security Intelligence feed (which greatly reduces the effectiveness of your Firepower security appliances) you do it under Objects > Object Management > Security Intelligence (as shown below).

 

FMC SI Feed.PNG

Re: can any one help me the reason behind why my FMC is connecting to sourcefire website every 30 minutes

Thank you Marvin Rhoads.

sorry to bothering on this I have few more doubts.

1.when the selected feed is updating every 30 mints, the feeds are downloading from the website(Security Intelligence) its inbound connection right ? or it push the old feeds to website(Security Intelligence) and then update the feeds?

2. in my case it is showing the out bound connection like from FMC to website(Security Intelligence).

3. where can we see the what data it is uploading to website(Security Intelligence)?

Hall of Fame Master

Re: can any one help me the reason behind why my FMC is connecting to sourcefire website every 30 minutes

FMC initiates the communications and the new feeds are downloaded from Cisco at the site name you mentioned earlier. It is not uploading your data. You can see the downloaded feeds in the FMC server under /var/sf/iprep_download

Reference this thread:

https://community.cisco.com/t5/firepower/how-to-view-the-security-intelligence-feeds/td-p/3074033