09-22-2015 07:14 PM - edited 03-12-2019 05:46 AM
We have recently installed a Cisco 5525X ASA and have fireshight manager installed. We have registered all licenses and IPS, AMP. control and protection.
HOwever, we are unable to register sensing interfaces and/or get any traffic through. Have configured for traffic to be redirected to the Firesight manager.
Is there any command or anything I have not configured or can check?
09-23-2015 06:48 PM
Traffic is not redirected to FireSIGHT Manager - it's redirected to the ASA's FirePOWER module. Can you verify you've done that with your service-policy in the ASA?
Have you built Intrusion, File, Network Discovery policies in FireSIGHT and applied them in an Access Control Policy?
09-23-2015 07:27 PM
Yes thank you for the correction, redirected traffic to the SFR Module:
We have used the default access policy/Intrusion policy. We can only pick up OS & Server Applications. we havent applied any other policies.
Just need some guidance to what we require to setup in order to start receiving some events. FOr eg: do we do network discovery and then access policy & then intrusion etc???
09-24-2015 05:41 AM
There is a good guide to the policies you should setup in Cisco Live presentation BRKSEC-2018. It explains the various policy types and their respective functions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide