Firepower Threat Defense on ISR - DMVPN Phase 1 spoke to spoke traffic
If we are using an ISR 4000 series as a DMVPN hub (DMVPN Phase 1) and want to run a Firepower sensor on a UCS-E series compute module within that module, will the sensor see spoke to spoke traffic bouncing off the hub? If so, are we limited to IDS mode or is inline IPS mode possible?
Best I can tell based on the link below is that traffic needs to physically come in through a front panel port, be bridged to the sensor, then sent back to the router for it to be in IPS mode. That would not include DMVPN spoke to spoke traffic, I would think. Finally, if we are able to do IPS mode for the traffic specified, are we able to write zone-based firewall rules on the sensor? There is mention in Cisco docs that ZBFW is not supported on BDI in IPS mode, so I would hope those rules would be written on the sensor.
Worst case scenario, we can just do IOS ZBFW and IOS Snort IPS; however, I don’t want to spend $$$ on a UCS-E series then find out I can’t do what I need to do.