03-13-2017 11:11 PM - edited 03-10-2019 06:47 AM
hi,
Does anyone know if there's an official hardening guide for the Cisco Firepower 4100 series platform?
I only managed to find a guide for the ASA Firewall.
Thank you.
03-14-2017 06:50 AM
There isn't one that I know of. However, note that if you are running the ASA image you can follow that. FTD is too new to have one out.
Note there are some features introduced in FX-OS 2.1(1) that are specific to hardening. Among them are:
■ You can now use the FXOS Chassis Manager to enable FIPS/Common Criteria mode to support achieving compliance with FIPS (Federal Information Processing Standard) 140-2 and Common Criteria security certifications.
■ FXOS 2.1(1) contains several new features and numerous enhancements to support achieving compliance with the UC-APL (Unified Capabilities Approved Product List) security certification:
  – Enable/Disable FIPS/CC Mode using Firepower Chassis Manager
  – Configuring Management ACL (ip-block) via Firepower Chassis Manager
  – Configuring SSH Server – MAC Authentication via Firepower Chassis Manager
  – Configuring SSH Server – Encryption Algorithms via Firepower Chassis Manager
Source: http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos211/release/notes/fxos211_rn.html#pgfId-148118
01-04-2018 12:40 PM - edited 01-04-2018 12:42 PM
I wrote something in my blog about the ICMP issues (https://www.lammle.com/about/blog/) where I discuss how the FTD is NOT like the ASA...this basically describes the hardening problem and provides only the ICMP solution.
I am working hard on writing a hardening chapter for my new FTD book..March 2018!
This is desperately needed by ALL my customers!!
Todd Lammle
01-15-2019 02:31 AM
Does anyone have a Cisco Firepower, FTD, FMC hardening guide?
01-15-2019 06:33 AM
01-15-2019 08:51 AM