ASA 5516 with Firepower ACL question and Best Practices for ACP's

cmichaels
Level 1

Hi All, I have a two-part question. We have a Cisco ASA 5516 in ASA mode with the Firepower module (IPS/AMP/URL) and a virtual FMC managing it. Currently I have the module in "monitor-only" mode. My questions are:

1. Since the ASA has its own ACLs, when does the traffic get redirected to the Firepower module? Does it go through the ACLs on the ASA first and then get redirected to the sensor for further inspection?

2. What would be the best practice when creating my Access Control Policies in the FMC? Should I write all my ACPs to define the traffic I want inspected and filtered, then have an "any any" rule to still allow traffic to pass through the sensor? Remember, I have ACL rules on the ASA.

Thanks,

Dan

1 Reply

Marvin Rhoads
Hall of Fame

The policy-map on the ASA has its own ACL to select traffic for inspection by the sfr module. That comes after any input ACL on the base ASA.

[Attached image: ASA OOO.PNG]

Firepower ACP is primarily to control layer 4-7 actions and select associated Intrusion, Identity, SSL, file etc. policies.
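As an added illustration (not part of Marvin's reply or Cisco's own documentation) of the two ACLs involved, here is a minimal ASA-side configuration for the order of operations he describes: the interface ACL is checked first, and only traffic it permits can be selected by the policy-map's redirect ACL for the sfr module. The interface name, ACL and class names, and the 203.0.113.x / 10.10.50.0/24 addresses are constructed placeholders.

```cisco
! --- 1. Interface ACL: evaluated first, on ingress to the ASA ---
! Anything denied here is dropped by the ASA itself and is never
! seen by the sfr module, whatever the FMC Access Control Policy says.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 80
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! --- 2. Redirect ACL: picks which permitted flows go to the module ---
! Only traffic that already passed the interface ACL reaches this step.
! A deny entry here means "do not redirect", not "drop": the constructed
! backup subnet 10.10.50.0/24 bypasses the module, everything else is
! handed over for inspection.
access-list SFR_REDIRECT extended deny ip 10.10.50.0 255.255.255.0 any
access-list SFR_REDIRECT extended permit ip any any
!
class-map SFR_CLASS
 match access-list SFR_REDIRECT
!
! --- 3. Service policy: sends the selected traffic to the sfr module ---
! monitor-only: the module sees a copy and can only alert, never drop.
! Remove "monitor-only" to go inline; fail-open keeps traffic flowing
! if the module is down, fail-close drops it instead.
policy-map global_policy
 class SFR_CLASS
  sfr fail-open monitor-only
!
service-policy global_policy global
!
! Verification: the SFR_CLASS counters in "show service-policy" increase
! as redirected flows pass; hits on the deny line of "show access-list
! OUTSIDE_IN" are flows the module never saw.
```

Because the interface ACL runs first, a rule in the FMC policy cannot rescue traffic the ASA has already dropped, and in monitor-only mode the ACP cannot block anything the ASA has already permitted.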
