Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1812
Views
0
Helpful
6
Replies

FTD: ISO 8583 APP. Signature ID

Gamal
Beginner
Beginner

‎01-08-2019 02:01 AM - edited ‎02-21-2020 08:38 AM

Hello,

 

We Have a valued customer that need to permit or deny Specific APP. called ISO 8583, When trying to use the app. from the Cisco Pre-defined APPs. List, I couldn't found it.

 

So, Is there any method to detect this APP. using the APP. detector or any other method to be able to block/Permit it through the access policies?!.

 

Thanks in advance,

0 Helpful
6 Replies 6

phil.hydea
Beginner
Beginner

‎01-08-2019 02:24 AM

Hi Gamal

You can create a custom application detector in the FMC (Policies >
Application Detector).

The key thing you'll need if working from scratch is a PCAP of the ISO8583
connection so the FTD can detect the app in Layer 7 analysis.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Detection.html#ID-2208-00000060

Once the application detector has been created, you can add it into your
ACP rule.

Hope this helps.
Phil

0 Helpful