Activating NGFW features on Firepower in Datacenter
I have a 4115 FTD at datacenter. Traffic from several locations passes through the firewall. These are connected through IPVPN and IPsec VPN to access resources in the datacenter ca.5000+ clients. Customer want NGFW features activated on the firewall for increased security after migrating from ASA. All licenses are active.
1. What is best practice for activting these features in this type of environment ? IPS,URL Filtering,AMP,AVC
2. Is there any prefered order or level ?
3. Is it possible to start with lowest possible settings for these and tighten them gradually over time ?
IPS with balanced security and connectivity ruleset along with Firepower recommendations setting is always a good start. URL Filtering is only of use if there is Internet-bound traffic going through the firewall. AMP is only of use if you see the streams with files in an unencrypted form. So a lot depends on the traffic flowing through the firewall.
the Cisco CPN Client for a long time to connect to a VPN Server. Now I've got a new machine with a Windows 7 64 bit. The Cisco VPN Client isn't avaiable in a 64 bit version. Cisco suggests to use Cisco AnyConnect instead because there'a 64 bit version ava...
May 2016Splunk is a powerful tool for analyzing information in your organization by collecting, storing, alerting, reporting, and analyzing machine data. With Cisco platform Exchange Grid (pxGrid) Splunk is able to proactively act on received network secu...
Happy to announce that we have an updated version of our Enabling AMP on Content Security Products - Best Practices (v3.0). Please feel free to review if you have questions regarding deployment of AMP (File Reputation and File Analysis).
Updated: July 2018
New: Updated format , Netflow configuration examples per platform (End of Table)
Note: Remember the table is scrollable horizontally to view other columns, not only vertically
IOS / IOS XE