Solved: Disabling SIP

man3mar3n · ‎11-11-2018

Hi,

I need to disable SIP in my FTD.

However, I don't have the options to issue the below command

configure inspection sip disable

.

I only have the below:

audit_cert             Change to Audit_cert Configuration Mode
configure              Change to Configuration mode
exit                   Exit Configuration Mode
expert                 Invoke a shell
history                Display the current session's command line history
kdump                  Enable or disable kernel crash dump data collection
log-events-to-ramdisk Configure Logging of Events to disk
log-ipconnection     Configure Logging of Connection Events
logout                 Logout of the current CLI session
manager                Change to Manager Configuration Mode
network                Change to Network Configuration Mode
password               Change password
show                 Change to Show Mode
system                 Change to System Mode
user                   Change to User Configuration Mode
vmware-tools           Configure state of VMware Tools

Can someone enlighten me on this issue?

Thank you very much.

matty-boy · ‎11-12-2018

So this is ASA with FP services? You’ll need to disable SIP inspection through ASDM or ASA CLI then, not through Firepower.

View solution in original post

matty-boy · ‎11-12-2018

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113069-asa-disgi-enai-asdm-00.html

View solution in original post

k.nandakumar · ‎11-11-2018

You have to use FlexConfig in FMC to disable SIP.

You'll find how to configure FlexConfig in below link. Have given some example. you may have to check the config to SIP.

https://www.youtube.com/watch?v=OMspnE9fq08

Regards,

Nanda

Securing Network With Firepower Threat Defense

matty-boy · ‎11-11-2018

From the chevron '>' prompt, please show us the result from typing...

> configure ?

You should be able to disable it from command line if you wish.

Cheers,

Matt

man3mar3n · ‎11-11-2018

Hi,

Below are the results from > Configure ?

> configure

audit_cert Change to Audit_cert Configuration Mode
kdump Enable or disable kernel crash dump data collection
log-events-to-ramdisk Configure Logging of Events to disk
log-ips-connection Configure Logging of Connection Events
manager Change to Manager Configuration Mode
network Change to Network Configuration Mode
password Change password
user Change to User Configuration Mode
vmware-tools Configure state of VMware Tools

Abheesh Kumar · ‎11-11-2018

Hi,

Go to FTD clish

> configure inspection sip disable

will help you to disable sip inspection.

HTH

Abheesh

man3mar3n · ‎11-11-2018

Hi,

That is what Cisco manual says as well.

But I don't see the option in the FTD clist.

I only see the below :

> configure

audit_cert                           Change to Audit_cert Configuration Mode
kdump                                 Enable or disable kernel crash dump data collection
log-events-to-ramdisk        Configure Logging of Events to disk
log-ips-connection             Configure Logging of Connection Events
manager                             Change to Manager Configuration Mode
network                              Change to Network Configuration Mode
password                            Change password
user                                    Change to User Confiuration Mode
vmware-tools                     Configure state of VMware Tools

matty-boy · ‎11-11-2018

Please post output from > show version

man3mar3n · ‎11-11-2018

Hi,

Below are my > sh version

> show version
-----------------[ xxxx-Firepower ]-----------------
Model                     : ASA5515 (72) Version 6.2.2 (Build 81)
UUID                      : 5795d1ba-741e-11e8-898d-dcdefb6d8f3b
Rules update version      : 2016-11-29-001-vrt
VDB version               : 271
----------------------------------------------------

matty-boy · ‎11-11-2018

Weird. Are you logged in as a user with full admin rights?

man3mar3n · ‎11-12-2018

Hi,

I logged in as admin.

There is only 1 user which is admin.

Abheesh Kumar · ‎11-12-2018

are you managing this with FDM or FMC. If FMC you can do this via Flex config

Create a Flex Config Object and enter below command

policy-map global_policy
class inspection_default
no inspect sip

Then bind this Flex object to Flex Policy.

HTH

Abheesh

man3mar3n · ‎11-12-2018

Hi,

I don't have FMC.

The firewall is with ASDM.

matty-boy · ‎11-12-2018

So this is ASA with FP services? You’ll need to disable SIP inspection through ASDM or ASA CLI then, not through Firepower.

matty-boy · ‎11-12-2018

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113069-asa-disgi-enai-asdm-00.html

man3mar3n · ‎11-12-2018

Hi,

Yes, this is ASA 5515x with Firepower Services.

I already disable it in ASA.

So that should be fine.

Thanks.