Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
572
Views
0
Helpful
1
Replies

Need help capturing source IP address in Cisco Firepower!!!

kaalingomes
Level 1
Level 1

‎04-15-2020 03:50 PM

Hello, we are using Cisco Firepower on our network. We are currently trying to locate the source IP address for a client sending DNS queries outbound to a particular address. When analyzing the packets, there is no source IP other than our internal domain controller which is handling our DNS. There's got to be a way to capture the IP of the client originating these queries, right? Any advice would be much appreciated!

 
0 Helpful
1 Reply 1

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎04-15-2020 04:43 PM

Hi,

 

This is the expected behavior, when domain controller sends request to external DNS for resoluition, it will send it with its own IP.

 

Is there any way to monitor the request before it reaches to your internal domain controller ? you may put an ACL at your core switch with a entry matching destination IP of the host with logging, ACL will be having permit only statements.

 

or you can check your Domain controller for the queries it received for the DNS resolution

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card