Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1584
Views
10
Helpful
1
Replies

Prefilter/Fastpath pertaining to ASA X with FP Services

Go to solution
nigelb
Level 1
Level 1

‎09-19-2018 07:03 AM - edited ‎03-12-2019 06:58 AM

Hi, I'm just looking for clarification regarding the Prefilter Policy and FastPathed traffic as it relates to an ASA with Firepower Services, as opposed to FTD image.

Am I correct in assuming that these are functions of the ASA rather than the FP Module, i.e. the Service Policy is, in effect, the DAQ?

If this is the case, does the Prefilter Policy have any effect within the FP Module when configured via a FMC?

 

Many thanks

 

Labels:
Preview file
110 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mikael.lahtela
Level 4
Level 4

‎09-19-2018 08:01 AM

Hi,

Pre-filter policy has no effect on FP module as this is for FTD usage.
To get same effect you would configure service policy on the ASA to pre-filter traffic from the module.

"Prefiltering Model Restrictions
In the Firepower System. prefiltering is supported on Firepower Threat Defense devices only.

Prefilter policies deployed to Classic devices (7000 and 8000 Series, NGIPSv, ASA FirePOWER) have no effect. Instead, use early-placed Trust and Block access control rules to approximate prefilter functionality, keeping in mind the differences between the two features."

https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/prefiltering_and_prefilter_policies.html

br, Micke

View solution in original post

1 Reply 1

Go to solution
mikael.lahtela
Level 4
Level 4

‎09-19-2018 08:01 AM

Hi,

Pre-filter policy has no effect on FP module as this is for FTD usage.
To get same effect you would configure service policy on the ASA to pre-filter traffic from the module.

"Prefiltering Model Restrictions
In the Firepower System. prefiltering is supported on Firepower Threat Defense devices only.

Prefilter policies deployed to Classic devices (7000 and 8000 Series, NGIPSv, ASA FirePOWER) have no effect. Instead, use early-placed Trust and Block access control rules to approximate prefilter functionality, keeping in mind the differences between the two features."

https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/prefiltering_and_prefilter_policies.html

br, Micke
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card