Enable stun protocol inspection - FTD2110

TJ01
Level 1

Hi ALL 

Is there any option to enable STUN protocol inspection for specific rules only in FTD2110?

If not, do we need to enable it in the global policy? What are the supporting commands to enable this protocol?

This is what we see atm:

> show service-policy inspect stun

 Global policy:
   Service-policy: global_policy
    Class-map: inspection_default

5 Replies

Marvin Rhoads
Hall of Fame

Since STUN protocol inspection is a legacy ALG (application layer gateway) inspection type and not exposed directly in the FMC (or FDM) GUI, we need to use a Flexconfig object to modify it. That can be done by creating a custom Flexconfig object and assigning it in your Flexconfig policy.

[Image: FMC Flexconfig Object for STUN]

[Image: Flexconfig Policy]

Thanks Marvin for your quick response on this. What other options are there to enable this protocol if we are using Firepower Device Manager instead? Sorry, I am new to Cisco FTD so I am still unable to find the option to use this protocol. This is the only object type I got in FDM:

[Image: 2rs.PNG]

I am only able to see the STUN option for use in an application filter, but the access rule is allowing all applications.

[Image: 1sr.PNG]


In FDM, we setup FlexConfig via the following screens:

[Image: FDM Home Page]

[Image: FDM FlexConfig Object]

Once you have created the object (similar to how it is done in FMC), specify it in your FlexConfig policy and deploy.

Thanks Marvin. Is it applicable to specify interfaces, and/or is that good practice when enabling inspection of a protocol?

As we are defining the inspection under the global policy, which is enabled on all interfaces, will adding the interfaces limit this inspection to the specified interfaces?

[Image: Flexobject.PNG]

We normally use a global policy. It is applied globally with "service-policy global_policy global".

If you only want to apply the inspection to a given interface (or interfaces) then you would define it in a differently named policy-map and apply it with a separate service-policy.
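As an added illustration (not from this thread or from Cisco's documentation), the CLI lines a FlexConfig object would carry for the two cases described above: adding STUN inspection to the existing global policy, and a separately named policy-map applied to a single interface. The interface name "outside", the class-map and policy-map names, and matching STUN on its default port UDP 3478 are assumptions.

```cisco
! Case 1: enable STUN inspection in the default inspection class of the
! global policy. Because global_policy is attached with
! "service-policy global_policy global", this applies on every interface.
policy-map global_policy
 class inspection_default
  inspect stun

! Case 2: inspect STUN only on one interface. A dedicated class-map
! matches STUN's default port (UDP 3478, assumed here), a new policy-map
! enables the inspection for that class, and the policy is attached to
! the "outside" interface only (interface name assumed).
class-map stun-traffic
 match port udp eq 3478
policy-map outside-policy
 class stun-traffic
  inspect stun
service-policy outside-policy interface outside

! After deployment, the command from the original post should now list
! the inspection under the policy it was added to:
! show service-policy inspect stun
```

Use one case or the other; the interface-specific policy-map is the form to choose when the inspection should not apply everywhere the global policy does.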
