Showing results for 
Search instead for 
Did you mean: 

Community Helping Community


Firepower awareness - user, appl



"Cisco Firepower provides full contextual threat analysis and protection, with awareness into users, user history on every machine, mobile devices, client-side applications, operating systems, virtual machine-to-machine communications, vulnerabilities, threats, and URLs." -


What products do customers need to offer to implement the "User, network, and endpoint awareness" features?

It seems to me that in addition to Firepower + FMC, Network Visibility module for Anyconnect  is also needed? 

Or please explain how Firepower, which is located on the external edge of the network, receives information about "a user working on a workstation + client-side applications" in the local network behind a proxy server ?



Hall of Fame Guru

Re: Firepower awareness - user, appl

If Firepower is only sitting on the network edge then you might not see intra-network visibility. It can be architected instead to also cover "east-west" traffic and provide the visibility mentioned in the data sheet without any additional products.

If you don't put it into the east-west path then other products such as Stealthwatch can provide this sort of visibility. It can ingest Netflow records from many locations, including the Anyconnect Network Visibility module. Generally though it suffices to gather flow records from the network equipment.


Re: Firepower awareness - user, appl

Thanks, Marvin! 


As I understand, is the same situation with the "Network file trajectory" ?

"Cisco maps how hosts transfer files, including malware files, across your network. It can see if a file transfer was blocked or the file was quarantined. This provides a means to scope, provide outbreak controls, and identify patient zero." -


If we don't put Firepower  into the east-west path of the traffic than we can not see file trajectory across customer network without additional products such as, for example, AMP for Endpoint ?


So, in design (case 1 in attach) without  AMP for Endpoint do I not see file trajectory between host B and C ?

Or do I need additional Firepower between host B and C (case 2 in attach) or AMP for Endpoint on both hosts ?


Could you correct me if I am wrong?




Hall of Fame Guru

Re: Firepower awareness - user, appl

In the hypothetical use case #2 you describe, Malware traffic that was exclusively between B and C would never transit the firewall so of course the firewall would have to way to detect or provide insight into that particular flow.

However in the real world, the malware would often be making calls to the Internet. In that case Firepower would see those calls from both B and C and thus be able to report that the same malware was seen on two hosts.

See this example:

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here