cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1057
Views
0
Helpful
2
Replies

Best Practice for VPN traffic Policys

CW7
Level 1
Level 1

Hi,

New the world of FirePower and FMC.  Have a Firepower 2100 appliance between my main router and Core Network switch.  Have an IPSec Site to Site VPN back to HQ that terminates on my main router.   In my FirePower Access Policy I have rules that catch all the VPN traffic according to source and destination networks.  The Action for this traffic is simply Allow, with no further inspection enabled.  Am thinking that is not best practice.  Run a Microsoft Active Directory, so there is a lot of file server access, Domain controller Access, etc, etc, going over the VPN.

 

What would be the best practices for IPS policy and File and Malware policy for this VPN traffic?  Should I just use the same policys I use for Internet Traffic (ie Use ALL firepower IPS recomendations and Block ALL identified malware and files)?  Not sure if any special exceptions need to be made, especially since I have Active Directory running.  How do you handle this type of VPN traffic on your networks?

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

If the traffic is decrypted prior to passing through the Firepower device (as I understand it to be given your explanation) then you should apply all of the standard inspections to it.

At the very least associate IPS and File policies (with Firepower Recommendations for your IPS policy) to the ACP rule(s) that allow the traffic. You can create a recurring job that periodically updates the Firepower Recommendations under the scheduling widget.

View solution in original post

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

If the traffic is decrypted prior to passing through the Firepower device (as I understand it to be given your explanation) then you should apply all of the standard inspections to it.

At the very least associate IPS and File policies (with Firepower Recommendations for your IPS policy) to the ACP rule(s) that allow the traffic. You can create a recurring job that periodically updates the Firepower Recommendations under the scheduling widget.

OK, did as you suggested with no issues so far. Thanks.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: