06-12-2024 03:55 AM
SPI Enabled or not in FTD
My auditor asks for evidence on the below points; kindly check and please help us.
1. Provide a screenshot to show stateful inspection enabled on the external firewalls in scope.
2. Provide a screenshot of the anti-spoofing access list or similar settings on the external firewall and/or router.
06-12-2024 09:40 AM
Firewalls are stateful by default. From the CLI, "show conn" will show the stateful connections. As for anti-spoofing, follow this: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/interfaces_for_firepower_threat_defense.html#task_34BB9AC8E91946AB847C65FB79D67A5F
06-13-2024 12:28 AM
We are using the FMC-V setup, and are not able to see the options mentioned in the link.
06-13-2024 01:40 AM
You have to connect via SSH to your FTD management port. Once connected, you need to give the command "system support diagnostic-cli". Once you are in the lina, you can issue the command "show conn".
Here is good documentation to start from.
06-13-2024 10:32 PM
What version of FMC? It doesn't matter whether it is virtual or hardware; similar options should exist. Also, "show conn" can be run from the FMC for a device.
You can also access the CLI tool through the health monitor for the device (System > Health > Monitor). From there, you can select the device, click the View System and Troubleshoot Details link, click Advanced Troubleshooting, then click Threat Defense CLI on that page.
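As an added example, not from the original thread or from Cisco, here is a small Python parser for the "show conn" output discussed in the replies above. It assumes the lina connection-line format shown in the constructed sample below and summarizes the table in the way one would when presenting the connection state (established vs. still-in-handshake TCP sessions) as stateful-inspection evidence.

```python
import re
from collections import Counter

# Constructed sample of "show conn" output from the FTD diagnostic CLI (lina).
# Addresses are documentation ranges, not real hosts.
SAMPLE_SHOW_CONN = """\
3 in use, 27 most used
TCP outside 203.0.113.10:443 inside 10.10.1.25:52144, idle 0:00:02, bytes 18342, flags UIO
TCP outside 198.51.100.7:80 inside 10.10.1.26:49811, idle 0:01:10, bytes 0, flags saA
UDP outside 203.0.113.53:53 inside 10.10.1.25:61023, idle 0:00:01, bytes 212, flags -
"""

# One connection line: proto, two interface/ip:port pairs, idle timer, optional byte
# count, and the flag string (ASA/FTD flag letters; "U" means the TCP session is up).
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP|SCTP)\s+"
    r"(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),"
    r"\s+idle\s+(?P<idle>[\d:]+),"
    r"(?:\s+bytes\s+(?P<bytes>\d+),)?"
    r"\s+flags\s*(?P<flags>\S*)\s*$"
)


def parse_show_conn(text):
    """Parse each connection line into a dict; the 'in use' header is skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["bytes"] = int(d["bytes"]) if d["bytes"] else 0
            conns.append(d)
    return conns


def summarize(conns):
    """Connections per protocol, plus how many TCP sessions have completed the
    handshake (flag U) versus embryonic ones the firewall is still tracking."""
    by_proto = Counter(c["proto"] for c in conns)
    tcp = [c for c in conns if c["proto"] == "TCP"]
    established = sum(1 for c in tcp if "U" in c["flags"])
    return {
        "by_proto": dict(by_proto),
        "tcp_established": established,
        "tcp_embryonic": len(tcp) - established,
    }


if __name__ == "__main__":
    print(summarize(parse_show_conn(SAMPLE_SHOW_CONN)))
```

Paste the real "show conn" output into SAMPLE_SHOW_CONN (or read it from a file) to get the same summary for the device in scope.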