I need a guide here. What is the best practice and the correct way to implement Firepower Policies/rues? We currently have the Firepower in production with no policies in place (all traffic passes through the Firewall without any inspection).
Best practices vary widely according to your existing environment and what, if any, other security controls and policies are in place in your organization. depending on your environment and location you may also have legal or regulatory requirements that should be implemented in your firewall policy.
It's safe to say though that you should at least be doing network discovery and have in place the basic balanced security IPS policy.
Anything allowed inbound from the Internet or less secure interfaces should not get full access to internal resources but to select resources placed in a DMZ.
Knowing more about your overall design and what you're trying to protect would help.
On February 24, 2020, the Cisco PSIRT published eleven (11) vulnerabilities in Cisco FXOS and NX-OS Software. Eight (8) out of the eleven (11) vulnerabilities were found by our internal security and engineering teams, two were found by TAC during the trou...
Hello All, i have two vm firepower as HA and they are working fine as HA the traffics going through fin but there is a red mark shows on the HA, can someone tell me what does that mean please? This only appears on the HA not in individual device...
Software Checker and Automation
This event had place on Thursday 23rd, January at 10hrs PDT
Omar Santos is an active member of the cyber security community, where he leads several industry-wide init...
Securing What's Now and What's Next. With our annual global survey of 2,800 security leaders, we dove deep to compile key benchmark statistics. The 2020 CISO Benchmark Report provides valuable takeaways and data on the most pressing cybersecurity to...
I have 2 Firepower module (ASA 5525) with Malware and IPS licence. Recently i changed the Malware policy action set to "Block Malware" and "Reset Connection". How to log the event if my policy blocked any files? Please find the attached screen shot f...