Release 6.5 enhances TrustSec support with the following capabilities:
The ability to use Security Group Tags (SGTs) as destination matching criteria in access control rules (this is in addition to the existing support for source matching criteria)
The ability to subscribe to the Security Group Tag eXchange Protocol (SXP) topic in Cisco ISE
SGTs shown in event messages
Prior to 6.5, SGTs were learned either inline or from the ISE pxGrid session directory, which only has information from active endpoints that are authenticated via ISE. By expanding to include SXP mappings from ISE, FTD gains end-to-end visibility from a wealth of user identity, endpoint device, and network context information. Supporting SGTs as both source and destination matching criteria lets you use Firepower to enforce stateful access control policies that are based on context rather than on IP addresses or network objects.
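The effect of the SXP mappings on destination matching, as an added example (a simplified Python model, not Cisco code and not a description of how FTD is implemented): the same flow is evaluated with and without SXP bindings available. The tag numbers, addresses, rule names, default action and the lookup precedence are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data; tags, addresses and names are illustrative only.
SESSION_DIRECTORY = {"10.1.1.25": 10}   # endpoint authenticated via ISE -> SGT 10
SXP_MAPPINGS = {"10.20.0.0/24": 20,     # subnet binding, e.g. application servers
                "10.20.0.5/32": 30}     # host binding, e.g. a sensitive server

@dataclass
class Rule:
    name: str
    src_sgt: Optional[int]   # None means "any"
    dst_sgt: Optional[int]
    action: str

RULES = [
    Rule("employees-to-sensitive", 10, 30, "BLOCK"),
    Rule("employees-to-apps", 10, 20, "ALLOW"),
]
DEFAULT_ACTION = "DEFAULT"   # hypothetical fall-through result

def resolve_sgt(ip, use_sxp, inline_tag=None):
    """Resolve an IP to an SGT. Assumed precedence for this model:
    inline tag, then session directory, then longest-prefix SXP binding."""
    if inline_tag is not None:
        return inline_tag
    if ip in SESSION_DIRECTORY:
        return SESSION_DIRECTORY[ip]
    if use_sxp:
        addr = ip_address(ip)
        hits = [(ip_network(net), tag) for net, tag in SXP_MAPPINGS.items()
                if addr in ip_network(net)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None   # no binding known for this address

def evaluate(src_ip, dst_ip, use_sxp, src_inline_tag=None):
    """Return (rule name, action) for the first rule whose SGTs match."""
    src = resolve_sgt(src_ip, use_sxp, src_inline_tag)
    dst = resolve_sgt(dst_ip, use_sxp)
    for rule in RULES:
        if rule.src_sgt in (None, src) and rule.dst_sgt in (None, dst):
            return rule.name, rule.action
    return None, DEFAULT_ACTION

if __name__ == "__main__":
    for sxp in (False, True):
        print("SXP" if sxp else "no SXP", evaluate("10.1.1.25", "10.20.0.5", sxp))
```

Without the SXP bindings the destination server has no tag, because it never authenticated via ISE, so no destination-SGT rule can match and the flow falls through to the default action.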
How It Works
Connecting FMC to ISE
Figure 1: 6.5 ISE Configuration
Firepower registers with ISE and subscribes to the selected pxGrid topics.