Sourcefire Question

Lost & Found · ‎11-17-2015

Hi,

I would like to as the ff.

1. Is it possible to manually setup the time?

2 I have setup the application control. but its not working. the application still running.

thanks

johnlloyd_13 · ‎11-17-2015

hi,

yes, you can manually configure time or sync via NTP under Systems > Local > System Policy > Time Synchronization. see helpful link:

http://ccnpsecuritywannabe.blogspot.com/2015/09/cisco-firesight-and-firepower-next.html

could you post screenshots of your application policy? make sure you've ticked "Enabled" and it's being applied (Save and Apply)

Lost & Found · ‎11-17-2015

Hi John,

1. NTP SERVER.

I already changed the FW clock.

10.34.63.252 FW# sh clock
09:43:49.249 UTC Wed Nov 18 2015

Sourcefire 10.34.63.251> show time
UTC - Wed Nov 18 01:35:14 UTC 2015
Localtime - Tue Nov 17 20:35:15 EST 2015

and the time synchronization to ntp server 10.34.63.251 (Not sure w/ this IP add.) do i need to create a NTP server?

2 .Application Policy

Yes it enabled. and its being applied.

please see the attached file.

thanks

johnlloyd_13 · ‎11-18-2015

hi,

it's advisable to use a reachable NTP. just choose "Enable" and apply.

do you have ASA FW traffic redirected to FirePower? please post show run policy-map.

Lost & Found · ‎11-18-2015

Hi John,

I already enable it but nothing happen. Is it ok that i use the 10.34.63.251 (Firepower on ASA)?

FW# show run policy-map
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map policy
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp error
inspect icmp
class SFR
sfr fail-close

thanks