3273 Views, 0 Helpful, 7 Replies

Firepower 2100 running Transparent Mode

latenaite2011
Level 4

Just wondering if the 2100 Firepower appliance is running in transparent mode and we allow all traffic through, how does it protect the traffic from malicious activity?


7 Replies

Marvin Rhoads
Hall of Fame

Even if you don't have any block rules in your access control policy you should at the very least have a default Intrusion policy and use the Security Intelligence feed.

Most customers use the "balanced security and connectivity" intrusion policy. That intrusion policy will block intrusions with CVSS score 9 or greater from the current and past 2 years.

Please refer to Cisco Live presentation BRKSEC-3300 for more details.

Thank you for responding to this.

What should the default intrusion policy look like?

I should allow all traffic through so that it will get inspected and the intrusion policy will block intrusions with CVSS score 9 or greater?

You just select the Default Action as shown below when creating your Access Control Policy:

[Image: Sample ACP.PNG]
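As an added example (not from the thread or from Cisco), here is a small audit script for the point Marvin makes: an "allow everything" policy on a transparent-mode appliance only protects anything if the default action (and any allow rules) actually carry an intrusion policy, while a Trust action bypasses inspection altogether. The JSON layout is a simplified, assumed representation of an FMC access control policy (a `defaultAction` with `action` and `intrusionPolicy`, plus `rules`), and the sample policies are constructed for the example.

```python
import json

# Constructed sample policies. The structure loosely mirrors an FMC AccessPolicy
# object (defaultAction.action, defaultAction.intrusionPolicy, rules[].action) but
# the field names are an assumption for this example, not a documented schema.
SAMPLE_POLICIES = json.loads("""
[
  {"name": "allow-all-no-ips",
   "defaultAction": {"action": "PERMIT"},
   "rules": []},
  {"name": "allow-all-with-ips",
   "defaultAction": {"action": "PERMIT",
                     "intrusionPolicy": {"name": "Balanced Security and Connectivity"}},
   "rules": []},
  {"name": "block-default",
   "defaultAction": {"action": "BLOCK"},
   "rules": [{"name": "web", "action": "ALLOW"},
             {"name": "backup", "action": "TRUST"}]}
]
""")

# Actions that let traffic through and therefore need an intrusion policy attached.
INSPECTABLE_PASS = {"PERMIT", "ALLOW"}


def audit_policy(policy):
    """Return a list of findings for one policy; an empty list means no gaps found."""
    findings = []
    default = policy.get("defaultAction", {})
    action = default.get("action")
    # In transparent mode with no block rules, the default action is the only thing
    # standing between the wire and the host, so it must carry an intrusion policy.
    if action in INSPECTABLE_PASS and "intrusionPolicy" not in default:
        findings.append("default action passes traffic without an intrusion policy")
    elif action == "TRUST":
        findings.append("default action trusts traffic, bypassing inspection")
    for rule in policy.get("rules", []):
        name, act = rule.get("name", "?"), rule.get("action")
        if act in INSPECTABLE_PASS and "intrusionPolicy" not in rule:
            findings.append(f"rule {name!r} allows traffic without an intrusion policy")
        elif act == "TRUST":
            findings.append(f"rule {name!r} trusts traffic, bypassing inspection")
    return findings


def audit_all(policies):
    """Map each policy name to its findings."""
    return {p["name"]: audit_policy(p) for p in policies}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_POLICIES).items():
        print(name, "OK" if not findings else findings)
```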

Thank you Marvin.  It was helpful.

Just curious if the Firepower can inspect Site-to-Site VPN through the Firepower. Is there anything special that needs to be done for it?

Since it is not terminating the VPN it can do very little other than confirm that the packets conform to the IPsec protocol specification.

Ok, thank you Marvin.
