08-28-2019 03:51 PM - edited 02-21-2020 09:26 AM
Hi,
New to the world of Firepower and FMC. Have a Firepower 2100 appliance between my main router and Core Network switch. Have an IPSec Site to Site VPN back to HQ that terminates on my main router. In my Firepower Access Policy I have rules that catch all the VPN traffic according to source and destination networks. The Action for this traffic is simply Allow, with no further inspection enabled. Am thinking that is not best practice. Run a Microsoft Active Directory, so there is a lot of file server access, Domain controller access, etc., etc., going over the VPN.
What would be the best practices for IPS policy and File and Malware policy for this VPN traffic? Should I just use the same policies I use for Internet traffic (i.e. use ALL Firepower IPS recommendations and Block ALL identified malware and files)? Not sure if any special exceptions need to be made, especially since I have Active Directory running. How do you handle this type of VPN traffic on your networks?