Solved: Cisco ASA with Firepower Module - IPS/IDS, botnet protection

LovejitSingh1313 · ‎12-04-2020

Hello @Rob Ingram @balaji.bandi @Richard Burts @Aref Alsouqi

I have Cisco ASA with Firepower Module, I want to confirm that Firewall is having features like IPS/IDS, DNS filtering, Botnet Protection etc.

There is one Internal server which exposed on port 443 for Public Access without moving it to DMZ zone, I want to make sure ASA is blocking all blacklisted IPs to connect to it.

How should I check that all these features are in place ?

Thanks

Marvin Rhoads · ‎12-04-2020

Examine the Access Control Policy (ACP) rule that allows the incoming traffic. In addition the specific rule allowing the desired traffic, there should be a highlighted (non-dimmed) "Shield " icon on the right indicating an IPS policy is in place. Then check the Security Intelligence tab of the ACP to ensure all of the undesirable categories of traffic such as Botnet, CNC etc. are in the Blacklist column.

I'm not exactly sure what you mean by DNS Filtering. Can you elaborate on that one?

View solution in original post

Marvin Rhoads · ‎12-04-2020

Examine the Access Control Policy (ACP) rule that allows the incoming traffic. In addition the specific rule allowing the desired traffic, there should be a highlighted (non-dimmed) "Shield " icon on the right indicating an IPS policy is in place. Then check the Security Intelligence tab of the ACP to ensure all of the undesirable categories of traffic such as Botnet, CNC etc. are in the Blacklist column.

I'm not exactly sure what you mean by DNS Filtering. Can you elaborate on that one?