This document is intended for Cisco engineers and customers who are interested in deploying Cisco Firepower Management Center (FMC) 6.0 with Cisco Identity Services Engine (ISE 2.0 or higher) using Platform Exchange Grid (pxGrid).
Note: As of Cisco Firepower 6.7, pxGrid 2.0 is supported. It is recommended to use at least ISE 2.4 (please check with Cisco Software for the latest recommended release). There is no updated guide on the configuration at this time; please reach out to the Firepower team.
Please note that pxGrid remediation is not supported in Cisco Firepower Management Center (FMC) 6.0.
Cisco Firepower Management Center (FMC) 6.0 can now enforce an organization's security policy based on ISE session attribute information available through pxGrid. These security policies can be applied to and enforced by Cisco Firepower managed NGIPS sensors and/or an ASA with Firepower services. The ASA with Firepower services can also manage these policies locally via ASDM.
This document provides the details of configuring Cisco Firepower Management Center (FMC) 6.0 and pxGrid integration with ISE in an ISE Stand-Alone environment using self-signed certificates or Certificate Authority (CA)-signed certificates.
In this document, an ASA with Firepower services will be configured with the ASA Firepower (sfr) module and registered with Cisco Firepower Management Center (FMC) 6.0 to use the centrally managed Cisco Firepower Management Center policy. The ASA with Firepower services will also be configured on-box with the Firepower intrusion policy and access control rule, independent of the FMC.
The Cisco Firepower Management Center managed security policy and the ASA on-box Firepower Management policy will each consist of an intrusion policy and an Employee SGT access control rule for denying access to specific web categories.