05-14-2018 03:42 AM - edited 02-21-2020 07:45 AM
Hello,
I'm using firepower 4110 of now and is it possible when some host trigger intrusion rule then system auto add that ip into blacklist for a while?
If can, kindly tell me how to do that ,thank you.
Regards,
Ben
05-14-2018 05:23 AM
Hi
You can do that using ISE host remediation.
You would need to integrate FMC to ISE which would quarantine the host with dacl on switch using policies configured on FMC.
Hope it helps,
Yogesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community