07-05-2016 04:00 AM - edited 03-12-2019 06:03 AM
Hello friends! I need your help again. How can I test the sensor in production? When I apply any policy or settings to FirePOWER, I get a break in the network. And it bothers me! It is not good to test in production.
What I have:
1. Internet -- ASA -- FIREPOWER - (Switch - - - MY LAN------)
I see it as a working version of my lan.
2. Can I use this scheme for testing:
Internet -- ASA - - (Switch - FIREPOWER - Switch - MY LAN------) Will it work?
Thank you!
07-05-2016 04:30 AM
Hi,
Yes, the second scenario is supposed to work fine.
If you are using the FirePOWER module running on the ASA, then you can try putting the module in monitor-only mode and monitor the traffic which is coming to it.
If you have a sensor, then you can enable an inline set for the interfaces, make sure first that they are up, and then direct traffic. If you encounter a problem, enable bypass for the interface so that traffic is bypassed through the sensor.
Note: make sure that interface settings such as duplex and speed match the inline sets on the sensor, and on the sensor set it to auto-negotiate.
Please mark and rate helpful posts.
Thanks,
Ankita
07-05-2016 05:30 AM
I use only the sensor.
Thank you for your answer. At first I need to use the sensor for discovering the network. And the 2nd scheme will work! I will try it for testing!
But in production I think only the first scheme can work.
07-05-2016 06:00 AM
Do I understand correctly that if I use the sensor as passive I can discover my network?
07-05-2016 07:40 AM
Hello Team,
You can set your ASA FirePOWER in either monitor-only or inline mode.
When it's in inline mode, it will inspect the traffic that is redirected from the ASA to FirePOWER, and FirePOWER will take actions based on the policies that you mentioned.
If you don't need that, then you can just keep FirePOWER in monitor-only mode so that it will send just a copy of the traffic to FirePOWER and it won't perform any inspection.
It would be good if you refer to the following deployment scenario guides to understand more about how to set it up, and also refer to the second link for initial installation and traffic redirection after installation.
http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html (this is applicable for FirePOWER setup also)
http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html
Rate and mark correct if the post helps you.
Regards
Jetsy
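For the ASA-with-FirePOWER-module case described in the replies above, monitor-only redirection looks like the following ASA configuration. This is an added example, not part of the original posts; the names SFR_REDIRECT and SFR_CLASS are placeholders, and it assumes the default global_policy is in use.

```text
! Added example: placeholder ACL and class-map names.
! Select the traffic to copy to the FirePOWER (SFR) module.
access-list SFR_REDIRECT extended permit ip any any
!
class-map SFR_CLASS
 match access-list SFR_REDIRECT
!
policy-map global_policy
 class SFR_CLASS
  ! monitor-only: the module receives a copy of the traffic, so its
  ! policies cannot drop production flows while they are being tested.
  ! fail-open: traffic keeps passing if the module is unavailable.
  sfr fail-open monitor-only
!
service-policy global_policy global
```

Removing the `monitor-only` keyword later switches the same class to inline redirection, where module policies are enforced on live traffic.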
07-06-2016 12:02 AM
OK! Thank you! I have 2 questions!
1. One man told me that if we want to use FirePower we need a router:
Internet -- Router -- FirePower -- ASA -- LAN
In my LAN the ASA is used as a router too. Can I use FirePower without a router:
Internet -- ASA -- FirePower -- LAN
2. I am trying to configure the sensor. I want to see all information about my LAN (host computers, ports, applications)
- I configured an access control policy - network discovery only
- the system finds only hosts in my LAN
I read the manuals, and if I understand correctly, for "application seen" I need to configure Active Scanning?
And I see that FireSIGHT has application detectors; how can I use them? Could there be a best practice for using the sensor?
07-12-2016 01:16 AM