Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2970
Views
5
Helpful
3
Replies

Cisco Sandboxing

Go to solution
adamgibs7
Level 6
Level 6

‎09-25-2019 06:49 AM - edited ‎02-21-2020 09:31 AM

Dears,

 

I am planning to implement Fortinet Sand boxing solution and i have a ASA with firepower services, will this solution will work ??? the file which will be send to fortinet sandboxing by ASA will be recognized??? 

 

Please confirm.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to adamgibs7

‎09-25-2019 07:45 PM

When you use Firepower with an AMP (File) license, it communicates with the AMP public cloud via https (TLS over tcp/443).

It does not provide any feature or function to integrate with a third party on-premise sandboxing solution.

It can work with an AMP private cloud appliance in conjunction with a Threatgrid on-premise solution. 

https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html

View solution in original post

3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-25-2019 08:05 AM

A Cisco ASA (with or without Firepower services) has no capability that I am aware of to send files for analysis to third party products.

That is only available with Cisco's AMP license which uses the Cisco's Threatgrid cloud-based sandboxing services for analysis of unknown files.

0 Helpful

Go to solution
adamgibs7
Level 6
Level 6
In response to Marvin Rhoads

‎09-25-2019 10:03 AM - edited ‎09-25-2019 10:11 AM

Dear Marvin

Amazing, you have replies almost for all question i appreciate you dear.

so u are confirming me that it will not work with fortinet sandboxing solutions, but i want to know by what protocol FTD/ASA communicates with sandboxing either on cloud or on premises, if i m not wrong on cloud it will communicate with http/https or 8443, but what about on premises sand boxing solution.

That is only available with Cisco's AMP license which uses the Cisco's Threatgrid cloud-based sandboxing services for analysis of unknown files.

for the above sentence according to your reply , apart from the Threatgrid cloud-based sandboxing it can also work with on premises sandboxing solution. please correct me if i m not wrong.

 

Thanks 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to adamgibs7

‎09-25-2019 07:45 PM

When you use Firepower with an AMP (File) license, it communicates with the AMP public cloud via https (TLS over tcp/443).

It does not provide any feature or function to integrate with a third party on-premise sandboxing solution.

It can work with an AMP private cloud appliance in conjunction with a Threatgrid on-premise solution. 

https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card