03-27-2017 03:46 AM - edited 03-10-2019 06:48 AM
Connection events not appearing for whitelisted IP through security intelligence in FMC
Solved! Go to Solution.
03-27-2017 07:48 PM
Secuirty intelligence does work on traffic to or from a given address. However it does always apply to the feed supplied by Cisco.
For more on the feature, please see this section in the Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/security_intelligence_blacklisting.html?bookSearch=true#ID-2192-00000005
03-27-2017 08:38 AM
Whitelisting addresses under Security Intelligence only has an effect on addresses that would normally be blocked by that feed.
If you want to whitelist any other addresses, you need to do it via a source or destination address called out in a distinct rule in your Access Control Policy.
03-27-2017 08:38 AM
Thankyou Marvin for your response.
Does this feed solely works on Source IP as classified by Cisco ?
03-27-2017 07:48 PM
Secuirty intelligence does work on traffic to or from a given address. However it does always apply to the feed supplied by Cisco.
For more on the feature, please see this section in the Configuration Guide:
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/security_intelligence_blacklisting.html?bookSearch=true#ID-2192-00000005
03-30-2017 04:56 AM
Thankyou Marvin.Could you please help me with below 2 questions: 1)how to check ssl version on FMC? 2)how to login in FMC via cli as local credentials not working?
03-30-2017 08:10 AM
You're welcome. Please mark your original question as answered if it has been.
To check SSL ciphers, I use the open source tool nmap. There is a script that will enumerate the ciphers and let you all all of the supported ciphers.
https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
If the local credentials are not working (and you haven't setup external authentication), you will have to recover/reset the password. There is a Cisco technote that covers the procedure in detail here:
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html#anc2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide