11-12-2019 10:55 AM - edited 02-21-2020 09:41 AM
Hello,
We upgraded our 5505 to a 5506 with FirePower to take advantage of the increased bandwidth and the FirePower Services for security. Previously we had extensive object groups for access and denial and we wanted to transition to the FirePower for security as much as possible.
Out of the box our FirePower was broken and it took a couple of month to get Cisco to help us get that functional. But the stopped short of helping us understand how to configure it. They added one simple rule to allow everything and that was it.
I am now looking for help, direction, advice on how to configure the firepower for security. We would like to eliminate some of our groups that were mainly created to deny access to other countries, something firepower is said to do automagically via geo-fencing. I don't want to go down a rabbit hole with this one post, I would like to start with geo-fencing to allow north america only. Then we will strip out some of our groups and work from there.
Our old method was to subnets based on information off the internet. Then troubleshoot when someone couldn't send us email. It was messy and not a very clean way to secure a site.
Thanks in advance for any assistance.
11-12-2019 12:49 PM
Hello!
Can You tell us what license on firepower You have?
Also, do You have FMC or You want to configure FirePower from ASDM?
11-13-2019 05:50 AM
The only thing that I can find about FirePower licenses seems to imply that we have the Protection and Control licenses but not the URL Filtering or Malware. We also do not have FMC at this time and will be leveraging ASDM for configuration.
Thank you for your assistance.
11-13-2019 12:46 PM
01-23-2020 08:09 AM
Anyone else that can supply some direction here?
01-23-2020 11:23 AM
Sorry , I was busy , I try answer tomorrow
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: