Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1083
Views
0
Helpful
3
Replies

ASA 5508-X with FIREPOWER services - block all traffic in case of intrusion

Dib
Level 1
Level 1

‎12-11-2017 12:01 PM - edited ‎02-21-2020 06:56 AM

I am trying to implement a solution to block all traffic through an ASA device in case of an intrusion, and the block would be lifted manually later. Any idea how this can be achieved?

Labels:
0 Helpful
3 Replies 3

mikael.lahtela
Level 4
Level 4

‎12-11-2017 01:44 PM

Hi,

If you are using ISE for dot1x, then you could use Firepower with ISE to do a CoA on the client.
Or maybe you could use Cisco IOS Null Route module, it's under Actions>Modules.
But I haven't tried the second option yet.

Check this page out about Remediation.
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/api/remediation/FireSIGHT-System-Remediation-API-Guide/API-Intro.html

br, Micke
0 Helpful

Dib
Level 1
Level 1
In response to mikael.lahtela

‎12-12-2017 07:43 AM

Hi @mikael.lahtela

 

I'm not using ISE, just an ASA 5508-X with Firepower. The problem I have with the IOS Null route remediation is that it uses telnet.

I have looked at the remediation subsystem, and one of the methods I thought of is creating an access control policy which blocks Ingress and Egress traffic for an IP range in the Firepower management center and deploying it using a custom remediation. But, is it possible to deploy an access control policy from the FMC command line?

0 Helpful

mikael.lahtela
Level 4
Level 4
In response to Dib

‎12-12-2017 01:57 PM

No, you can not deploy access control policy from the FMC command line.
The options are GUI or API, doing some research on this but stuck at the moment.

br, Micke
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card