Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1708
Views
5
Helpful
3
Replies

FMC - Configuration Guides?

EdholmR
Level 1
Level 1

‎09-10-2018 01:36 AM - edited ‎02-21-2020 08:13 AM

Hey I was recently put in charge of our Firewall which I have very little knowledge of. We're using FMC and I need to setup logging (detect portscans/bad applications/system login attempts(ssh/web)) etc, I've been trying to google but I cant find anything useful. 

 

I've enabled logging on platform settings, and on our access-policies but I cant see anything useful on our syslog server.

 

There are other stuff I need to configure as well for example AMP/IDS/IPS. Any useful material for this? Is there a paid course or webinar to learn FMC?

 

I'm bit lost and I would love to learn.

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-10-2018 02:21 AM

The configuration guides are all under the product support page for FMC:

 

https://www.cisco.com/c/en/us/support/security/defense-center-virtual-appliance/tsd-products-support-series-home.html

 

Those can be a bit overwhelming. For more a a primer, I'd recommend looking at the free Cisco Live presentations. There are also some great videos (also free for streaming) at labminutes.com.

 

Generally speaking you will get better context for any events from FMC itself rather than an external syslog server (unless it's part of a SIEM that's also doing correlation). If the ACP rules are set to log you should see connection events (Allow, Block, etc.), intrusion events etc. in FMC.

EdholmR
Level 1
Level 1
In response to Marvin Rhoads

‎09-10-2018 04:59 AM

I will definitely look at videos, I've configured our ACL to log syslog and event viewer. In the event viewer I can see the connections with block/allow action. Is it possible to log who connects to the VPN for example? I have enabled logging on those too but I only see "connections" not users etc. 

Preview file
19 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to EdholmR

‎09-10-2018 10:45 AM

I'm not positive about the syslog entries for VPN logins, but there is a Dashboard you can use for VPN users. See Dashboard > Access Controlled User Statistics, VPN tab.

 

You can also create reports of the data that's displayed using the Report Designer button on the top right of that dashboard.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card