Hi all,
I seeking for some help for one issue that i am facing with one ASA and firesight.
To briefly explain, our company is providing an IT infrastructure to small companies. Basically, the clients connect via RDP from the internet to our systems, and our ASA firewall is NATing the traffic to inside to the appropriate server(even though it is not super secure:( ) and get their working environment in our Datacenter.
I am using firesight with TAMC licence (url filtering, malware, IPS) and it is working well BUT :
- Regularly, we have the firesight that blocks ALL traffic, which stops completely the business
- Some servers inside are considered as compromised (CnC- Connected - The host may be under remote control)
When this happens, i need to connect to the ASA (which is the only device i can connect to, and deactivate the the firepower inspection in the service policy rules. It looks like that every times there is a threat or anything that looks compromised, all the traffic is stopped and we loose totally the access to our datacenter (which we are working remotely)
Some help would be very much appreciated
Thanks
Emmanuel
