Hello friends! I need your help again. How can I test the sensor in production? When I apply any policy or settings to Firepower I get a break in network operation. And it bothers me! It is not good to test in production.
What I have:
1. Internet -- ASA -- FIREPOWER - (Switch - - - MY LAN------)
I see it as a working version of my LAN.
2. Can I use this scheme for testing:
Internet -- ASA - - (Switch - FIREPOWER - Switch - MY LAN------) Will it work?
Yes, the second scenario is supposed to work fine.
If you are using the Firepower module running on the ASA, then you can try putting the module in monitor-only mode and monitor the traffic which is coming to it.
If you have a sensor, then you can enable an inline set for the interfaces and make sure first that they are up,
and then you can direct traffic; if you encounter the problem, enable bypass for the interface so that traffic is bypassed through the sensor.
Note: make sure that interface settings such as duplex and speed match the inline sets on the sensor,
and on the sensor set it to auto negotiate.
Please mark and rate helpful posts.
You can set your ASA Firepower in either monitor-only or inline mode.
When it's in inline mode, it will inspect the traffic that is redirected from the ASA to Firepower, and Firepower will take actions based on the policies that you mentioned.
If you don't need that, then you can just keep Firepower in monitor-only mode, so that it will send just a copy of the traffic to Firepower and it won't perform any inspection.
It would be good if you refer to the following deployment scenario guides to understand more about how to set it up, and also refer to the second link for initial installation and traffic redirection after installation.
http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html (this is applicable for Firepower setup also )
Rate and mark correct, if the post helps you.
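As an added example (not part of either reply above), here is what the ASA-side service policy looks like for the two modes just described, assuming the ASA FirePOWER (SFR) software module; the class-map name is an assumption:

```text
! Monitor-only: the ASA forwards a copy of matching traffic to the SFR module.
! The module cannot drop anything, so this is the low-risk setting for the
! production test described in the question.
class-map SFR_CLASS
 match any
policy-map global_policy
 class SFR_CLASS
  sfr fail-open monitor-only
service-policy global_policy global

! Inline: replace the sfr line so the module sits in the traffic path and can
! enforce the access control policy. "fail-open" keeps traffic flowing if the
! module goes down; "fail-close" would block traffic instead.
policy-map global_policy
 class SFR_CLASS
  sfr fail-open
```

Switching from the first form to the second is the point at which a misconfigured policy starts affecting real traffic, so compare the module's events in monitor-only mode against expected behaviour before making that change.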
OK! Thank you! I have 2 questions!
1. One man told me that if we want to use FirePower we need a router:
Internet -- Router -- FirePower -- ASA -- LAN
In my LAN the ASA is used as a router too. Can I use FirePower without a router:
Internet -- ASA -- FirePower -- LAN
2. I try to configure the sensor. I want to see all information about my LAN (host computers, ports, applications).
- I configured an access control policy - network discovery only
- the system finds only hosts in my LAN
I read the manuals, and if I understand correctly, for "application seen" I need to configure Active Scanning?
And I see that FireSIGHT has application detectors; how can I use them? Could there be a best practice for using the sensor?