This document is intended for Cisco engineers and customers who are interested in deploying Cisco Firepower Management Center (FMC) 6.0 with Cisco Identity Services Engine (ISE 2.0 or higher) using Platform Exchange Grid (pxGrid).
Note: As of Cisco Firepower 6.7, pxGrid 2.0 is supported. It is recommended to use at least ISE 2.4 (please check with Cisco Software on the latest recommended release). There is no updated guide on the configuration as of this time; please reach out to the Firepower team.
Please note that pxGrid remediation is not supported in Cisco Firepower Management Center (FMC) 6.0.
Cisco Firepower Management Center (FMC) 6.0 can now enforce an organization's security policy based on ISE session attribute information available through pxGrid. These security policies can be applied to and enforced by the Cisco Firepower managed NGIPS sensors and/or an ASA with Firepower services. The ASA with Firepower services can also manage these policies locally via ASDM.
This document provides the details of configuring Cisco Firepower Management Center (FMC) 6.0 and pxGrid integration with ISE in an ISE stand-alone environment using self-signed certificates or CA (Certificate Authority)-signed certificates.
In this document, an ASA with Firepower services will be configured with the ASA Firepower (sfr) module and registered with Cisco Firepower Management Center (FMC) 6.0 to use the centrally managed Cisco Firepower Management Center policy. The ASA with Firepower services will also be configured on-box with the Firepower intrusion policy and access control rule, independent of the FMC.
The Cisco Firepower Management Center managed security policy and the ASA on-box Firepower Management policy will each consist of an intrusion policy and an Employee SGT access control rule for denying access to specific web categories.