Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
1
Replies

Configure firepower to detect exploits

Brad_Shawh
Level 1
Level 1

‎03-19-2021 11:09 AM

How can I configure Firepower to detect inbound exploits i.e., if somebody is trying to exploit a known vulnerability to the box itself or to a resource exposed to internet.

 

We have Firepower 6.5 and various version of ASA

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-19-2021 12:13 PM

Traffic to the box is pretty locked down by default. Just verify that you haven't opened up the management interface to the public Internet.

Traffic through the box is controlled by the various policies. If you have any inbound polices (allowing traffic to systems you host) then make sure they have an associated IPS policy. If you are allowing traffic inbound to servers using SSL/TLS then decrypt with the known key so that Firepower can do it's job inspecting the plaintext traffic. Finally, set your FMC to periodically check for and apply Firepower recommendations based on the passively observed traffic it sees.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card