Firepower - DNS Inspection for _cisco-uds._tcp.* (Cisco Jabber)
I am trying to filter DNS request from VPN Clients calling for "_cisco-uds._tcp.*" but when I did the obvious from the Connection Events Tab and trying to add the domain to the global blacklist it says that it is an invalid domain.
Priviously on the old ASA there was a an extra policy-map with regex matching on "_cisco-uds._tcp.*" tied to the global policy-map dns inspection that took care of it.
Since I ran into trouble by adding the domaoin to the global DNS blacklist I also tried it with an custom DNS list and DNS policy without luck.
What would be the best solution to drop/filter the DNS requests from the VPN Clients ?
This is to address those customers coming to ISE from ACS or new to ISE that need a password change portal (UCP)
What are the licensing requirements for this solution?
My Devices - For using the password change with My Devices you need plus licenses as ...
In this paper we will document the configuration and operation of an integrated solution that includes identity management, firewall, cloud-based management, and cloud-based logging.
We will use the following Cisco products:
These days everything is in the cloud. We all know that Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. Using Cisco Defense Orchestrator (CDO), you can manage physical or virt...
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices. CDO helps you optimize your ASA environment by identifying problems wi...