Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1635
Views
4
Helpful
8
Replies

How to configure Firepower FTD to fail to a secure state?

Go to solution
CiscoBrownBelt
Level 6
Level 6

‎03-20-2023 10:22 AM

Upon system reboot, initialization, abort, etc., how can you confirm the Firepower (FTD software) fails to a secure state and if you must configure, how do you do it and/or what is the syntex?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-21-2023 11:02 AM

From this and several other questions you've posed it sounds like you are trying to document DISA STIG compliance.

I don't believe that FTD is compliant with this particular requirement, so you may need to use a compensating control.

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎04-14-2023 08:37 AM - edited ‎04-14-2023 08:38 AM

Not an alternate configuration - I was thinking more of an operational procedure to ensure the desired result. That is, doing something outside of the firewall to ensure continued system protection is in place, even it it means "fail close" - for example, disconnecting the interfaces until the configuration is verified good following a system failure. Either that or accept the risk of not meeting that particular requirement.

View solution in original post

8 Replies 8

Go to solution
Tariq Mahmoud
Level 1
Level 1

‎03-21-2023 05:19 AM

Can you elaborate further on what you mean by "secure state", or state your requirements? 

You can refer to the advisory lists below to check further if any FTD software is affected by any vulnerability  :
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
If there is a bug, you should patch, upgrade, or implement it's workaround. Beside that I believe the normal configuration should be okay.


0 Helpful

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Tariq Mahmoud

‎03-21-2023 05:36 AM

The FTD will stop forwarding traffic if any of those events occur.

Go to solution
MHM Cisco World
VIP
VIP
In response to CiscoBrownBelt

‎03-21-2023 06:32 AM

SecureInLife: First step in Firepower Threat Defense

I think you talk about if SNORT is failed what FTD will do? it can open or closed
check link above 

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to MHM Cisco World

‎03-21-2023 08:47 AM

No I believe it is just in general what the FTD will do. Also, Im using FMC and there are no inline set configured or entries under the FTD.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-21-2023 11:02 AM

From this and several other questions you've posed it sounds like you are trying to document DISA STIG compliance.

I don't believe that FTD is compliant with this particular requirement, so you may need to use a compensating control.

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎04-13-2023 08:38 AM

Compensating control meaning an alternate config on the FTD?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎04-14-2023 08:37 AM - edited ‎04-14-2023 08:38 AM

Not an alternate configuration - I was thinking more of an operational procedure to ensure the desired result. That is, doing something outside of the firewall to ensure continued system protection is in place, even it it means "fail close" - for example, disconnecting the interfaces until the configuration is verified good following a system failure. Either that or accept the risk of not meeting that particular requirement.

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎04-18-2023 08:40 AM

Ok right. Thanks!

0 Helpful
Review Cisco Networking for a $25 gift card
Top