
Cisco ASA with Firepower Module - IPS/IDS, botnet protection

Hello @Rob Ingram @balaji.bandi @Richard Burts @Aref Alsouqi

I have a Cisco ASA with Firepower Module. I want to confirm that the firewall has features like IPS/IDS, DNS filtering, Botnet Protection, etc.

There is one internal server which is exposed on port 443 for public access without moving it to the DMZ zone. I want to make sure the ASA is blocking all blacklisted IPs from connecting to it.

How should I check that all these features are in place?

Thanks


Accepted Solutions

Marvin Rhoads
Hall of Fame

Examine the Access Control Policy (ACP) rule that allows the incoming traffic. In addition to the specific rule allowing the desired traffic, there should be a highlighted (non-dimmed) "Shield" icon on the right indicating an IPS policy is in place. Then check the Security Intelligence tab of the ACP to ensure all of the undesirable categories of traffic such as Botnet, CNC, etc. are in the Blacklist column.

I'm not exactly sure what you mean by DNS Filtering. Can you elaborate on that one?
