I have a client with an ASA multicontext firewall running with Firepower 6.1 in it. They have limited bandwidth for Firepower on it with multiple 10 gig lines, so they are restricting which traffic gets redirected to the Sourcefire module for filtering. They are trying to keep those ACLs as simple as possible, and are seeing results they aren't totally happy with. Question is:
If you redirect specific traffic to the sourcefire based on an ACL associated with a service-policy per-interface, do those ACLs need to be bidirectional? What they are seeing for example is Inside-DMZ not getting redirected but the return traffic from DMZ-Inside on the same TCP session is getting redirected. Is that redirection bidirectional per-interface? Do they need an ACL that would say
permit Inside to Servers
permit Servers to Inside
on the same ACL if that policy was a class-map SFR for service-policy on the interface Inside?
Right now they just have "inside to Servers" and are still seeing redirects from "Servers to Inside", reportedly on the same interface. I know it's easy to test, but I wanted to ask the forum if the correct config method is to use a bidirectional ACL on a specific interface policy for redirection to the SFR module?
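For readers comparing the two variants the question describes, here is an added example (not configuration from the original post) of the ASA MPF pieces involved: a redirect ACL, the class-map that matches it, the policy-map that hands matching traffic to the SFR module, and the per-interface service-policy. The interface names, ACL names and address ranges are constructed placeholders; the bidirectional entry is the alternative the question asks about and is shown as that alternative, not as a statement of which form is required.

```cisco
! Constructed address ranges (assumptions, not from the post)
object network INSIDE_NET
 subnet 10.1.0.0 255.255.0.0
object network DMZ_SERVERS
 subnet 10.2.0.0 255.255.255.0

! Variant A: the single-direction ACL the question says is in place today
access-list SFR_REDIRECT_ONEWAY extended permit ip object INSIDE_NET object DMZ_SERVERS

! Variant B: the bidirectional ACL the question asks about
access-list SFR_REDIRECT_BOTH extended permit ip object INSIDE_NET object DMZ_SERVERS
access-list SFR_REDIRECT_BOTH extended permit ip object DMZ_SERVERS object INSIDE_NET

! Class-map keyed on whichever ACL is being tested
class-map SFR_CLASS
 match access-list SFR_REDIRECT_ONEWAY

! Policy-map: only the matched class is sent to the SFR module.
! fail-open keeps traffic flowing if the module goes down; use fail-close
! if traffic must be dropped instead when inspection is unavailable.
policy-map INSIDE_POLICY
 class SFR_CLASS
  sfr fail-open

! Per-interface attachment, as described in the question
service-policy INSIDE_POLICY interface inside
```

To compare the two variants on a lab box, swap the ACL referenced under `class-map SFR_CLASS`, generate a session from the inside network to a server, and read the per-class packet counters with `show service-policy interface inside`; a counter that climbs on the one-way ACL while the return packets of the same TCP session are also redirected is exactly the behaviour the question reports, and that counter is the evidence to bring to the redirect-bandwidth discussion.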