Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1251
Views
0
Helpful
2
Replies

Best Practice for VPN traffic Policys

Go to solution
CW7
Level 1
Level 1

‎08-28-2019 03:51 PM - edited ‎02-21-2020 09:26 AM

Hi,

New the world of FirePower and FMC.  Have a Firepower 2100 appliance between my main router and Core Network switch.  Have an IPSec Site to Site VPN back to HQ that terminates on my main router.   In my FirePower Access Policy I have rules that catch all the VPN traffic according to source and destination networks.  The Action for this traffic is simply Allow, with no further inspection enabled.  Am thinking that is not best practice.  Run a Microsoft Active Directory, so there is a lot of file server access, Domain controller Access, etc, etc, going over the VPN.

 

What would be the best practices for IPS policy and File and Malware policy for this VPN traffic?  Should I just use the same policys I use for Internet Traffic (ie Use ALL firepower IPS recomendations and Block ALL identified malware and files)?  Not sure if any special exceptions need to be made, especially since I have Active Directory running.  How do you handle this type of VPN traffic on your networks?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-28-2019 09:09 PM

If the traffic is decrypted prior to passing through the Firepower device (as I understand it to be given your explanation) then you should apply all of the standard inspections to it.

At the very least associate IPS and File policies (with Firepower Recommendations for your IPS policy) to the ACP rule(s) that allow the traffic. You can create a recurring job that periodically updates the Firepower Recommendations under the scheduling widget.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-28-2019 09:09 PM

If the traffic is decrypted prior to passing through the Firepower device (as I understand it to be given your explanation) then you should apply all of the standard inspections to it.

At the very least associate IPS and File policies (with Firepower Recommendations for your IPS policy) to the ACP rule(s) that allow the traffic. You can create a recurring job that periodically updates the Firepower Recommendations under the scheduling widget.

0 Helpful

Go to solution
CW7
Level 1
Level 1
In response to Marvin Rhoads

‎09-13-2019 11:24 AM

OK, did as you suggested with no issues so far. Thanks.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card