11-16-2015 04:11 AM - edited 03-12-2019 05:49 AM
Hello,
I'd like to set up Access Control Rule, which uses a Security Zone.
Setting up the security zones was easy and Sourcefire picked the different ASA interfaces without any problems.
Traffic does not get labeled with a zone though, so I can't use this, and this makes me wonder what the actual purpose of these zones is or if there is a setting that I am missing to label traffic per zone.
The rule I intended to create was for traffic coming from external networks, and so the only way I see to do this now is by making all internal traffic hit a rule before letting it hit an any rule. Is this the only way to do this?
Regards
11-17-2015 06:42 AM
Hi,
Check: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Managing-Objects.html#pgfId-7621103
The last part is not very clear. Can you tell me what rules are already created, and what is the new rule that you are trying to create?
Regards,
Aastha Bhardwaj
Rate if that helps!!!
11-17-2015 10:40 AM
Hello Aastha,
The rules prior to this are:
originating from private subnet A: this rule
originating from private subnet B: this rule
originating from private subnet C: this rule
By elimination, all non-private networks: this rule
The setup works like this.
The problem is that traffic is not getting marked with a security zone, even though these have been defined, and thus the setup has to be like this instead of:
originating from Outside: this rule
The connection events are not searchable on security zone either.
Regards,
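As an added illustration (not code from the thread or from Cisco), the following Python model contrasts the source-network rule ordering described above with a zone-based rule; the subnets, rule names and zone names are assumptions. It also shows why the workaround is weaker from a defender's view: matching by source address cannot tell which interface a packet arrived on, so a private source address seen on the outside interface still hits the internal rule, whereas a zone-based rule keys on the ingress interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass
class Rule:
    """One access-control rule; None for a condition means 'any'."""
    name: str
    src_networks: Optional[List[ipaddress.IPv4Network]] = None
    src_zones: Optional[Set[str]] = None

    def matches(self, src_ip: ipaddress.IPv4Address, src_zone: str) -> bool:
        if self.src_networks is not None and not any(src_ip in n for n in self.src_networks):
            return False
        if self.src_zones is not None and src_zone not in self.src_zones:
            return False
        return True

def first_match(rules: List[Rule], src_ip: str, src_zone: str) -> str:
    """Top-down, first-match evaluation, as an access control policy does."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.matches(ip, src_zone):
            return rule.name
    return "default-action"

# Constructed subnets and zone names (assumptions, not from the thread).
PRIVATE_A = ipaddress.ip_network("10.1.0.0/16")
PRIVATE_B = ipaddress.ip_network("10.2.0.0/16")
PRIVATE_C = ipaddress.ip_network("192.168.50.0/24")

# The workaround from the thread: enumerate internal sources first, then a
# catch-all that is reached "by elimination" for everything else.
NETWORK_RULES = [
    Rule("from-subnet-A", src_networks=[PRIVATE_A]),
    Rule("from-subnet-B", src_networks=[PRIVATE_B]),
    Rule("from-subnet-C", src_networks=[PRIVATE_C]),
    Rule("from-external-by-elimination"),  # any source address
]

# The intended design: match on the ingress security zone instead.
ZONE_RULES = [Rule("from-outside", src_zones={"Outside"})]
```

With the address-based rules, a packet carrying a 10.1.0.0/16 source but arriving on the Outside interface is classified as "from-subnet-A"; the zone rule classifies it as "from-outside" regardless of its address.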