Virtual Routing and Forwarding (VRF) is a mechanism to segment a single router into multiple virtual routers that do not pass traffic between them. It allows multiple instances of the routing table to co-exist within the same router at the same time.
Frequently Asked Questions
Question 1: How do Sourcefire appliances work in a VRF deployment?
VRF does not require any special support or configuration in Sourcefire products as it is completely transparent to the device monitoring the traffic.
The only way this could become an issue is if someone is using an aggregator to combine traffic from multiple different networks into a single interface set or detection engine. In this case, the 3D System is unable to distinguish between two different hosts with the same IP address.
Question 2: How is the traffic in a VRF network analyzed?
Let's consider a scenario as an example:
There are multiple networks with 172.22.x.x addresses. Some networks are in the virtual routing table (in VRF), and some networks are not. If a Sourcefire appliance generates alerts from one of the 172.22.x.x networks, is it possible to determine the correct network of origin from the alert?
The handling of this scenario is not specific to the use of VRF. As long as the Sourcefire appliances are configured so that each network is monitored by a unique detection engine, the name of the detection engine can be used to distinguish between events. However, RNA will not work in this case, because the network map does not distinguish hosts by the reporting detection engine. RNA will combine all hosts using the same IP address into a single entry in the network map.
Question 3: How are events generated from VRF network traffic identified?
When the alert is triggered, the "packet view" of the event will be the same as for other (non-encapsulated, non-VRF) events. However, if each network is being monitored by a unique detection engine, the name of the detection engine can be used to distinguish between events.
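The attribution logic described in Questions 1 to 3, as an added example that is not part of the original article or of any Sourcefire product: events carrying overlapping 172.22.x.x source addresses are resolved to a network by the name of the reporting detection engine, an engine fed by an aggregator is flagged as ambiguous, and a map keyed on IP alone is compared with one keyed on (engine, IP) to show why same-address hosts merge. The engine names, network labels and event lines are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed mapping from detection engine name to the network it monitors
# (assumed names and labels, not from the article).
ENGINE_TO_NETWORK = {
    "DE-VRF-Red": "VRF Red (172.22.0.0/16)",
    "DE-VRF-Blue": "VRF Blue (172.22.0.0/16)",
    "DE-Global": "global table (172.22.0.0/16)",
}
# Engines fed by an aggregator that mixes several networks: the engine name no
# longer identifies one network, so an overlapping address is ambiguous.
AGGREGATED_ENGINES = {"DE-Aggregated"}

# Constructed sample event lines (not real appliance output).
SAMPLE_LOG = """\
2024-01-01T10:00:01 engine=DE-VRF-Red src=172.22.10.5 dst=10.0.0.1 sid=1000001
2024-01-01T10:00:02 engine=DE-VRF-Blue src=172.22.10.5 dst=10.0.0.1 sid=1000001
2024-01-01T10:00:03 engine=DE-Global src=172.22.40.9 dst=10.0.0.2 sid=1000002
2024-01-01T10:00:04 engine=DE-Aggregated src=172.22.10.5 dst=10.0.0.3 sid=1000003
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) engine=(?P<engine>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) sid=(?P<sid>\d+)$")

def parse_events(text):
    """Parse key=value event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def network_of_origin(event):
    """Resolve the network by the reporting engine; None when the feed is aggregated."""
    if event["engine"] in AGGREGATED_ENGINES:
        return None
    return ENGINE_TO_NETWORK.get(event["engine"])

def hosts_by_ip(events):
    """Network map keyed on IP only: same-address hosts from different VRFs merge."""
    hosts = defaultdict(set)
    for e in events:
        hosts[e["src"]].add(e["engine"])
    return dict(hosts)

def hosts_by_engine_and_ip(events):
    """Key on (engine, IP) so each network's host remains a separate entry."""
    return sorted({(e["engine"], e["src"]) for e in events})

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_LOG):
        print(ev["engine"], ev["src"], "->", network_of_origin(ev) or "AMBIGUOUS (aggregated feed)")
```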