Firepower: How to block traffic from PCs running Windows XP
I have a ASA 5525-X with Firepower. We still have some computers in our networks running Windows XP and I would like to block Internet-traffic from these computers. Of course I can maintain the IP-addresses in an access-list and block the traffic that way, but is it possible to do this more dynamic by using Firepower?
I haven't done this and Firepower doesn't make it easy but I believe you can use a Correlation Policy. You have to build a traffic profile and then a rule and finally a correlation policy that uses those building blocks and assign an action (i.e. Blacklist). However, Firepower has to be in a location to see the traffic with enough detail to authoritatively identify the OS. That can be problematic.
This sort of thing can be done better and more easily with Cisco ISE as its built-in profiling (a Plus license feature) is much more precise. It can then assign a downloadable ACL (DACL) dynamically to prevent Internet access while allowing all other internal access at the switchport (or Wireless client) level.
Usually no news means good news in security, but how do you know what is working, what could be better and where you should invest? Introducing the Cisco Security Outcomes Study.
We commissioned an independent survey of 4,800 active security a...
Cisco is happy to announce their Fall release, FTD 6.7/ASA 9.15.1/FXOS 2.9, which consists of 104 features across 24 initiatives, addressing technical debt while staying true to our five core investment areas: Ease of Use and Deployment, Unified Policy an...
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...