Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Have a new install of Prime Infrastructure v3.2 setup w/ IP x.y.1.1 . On a switch, I have configured flow records, flow monitors, and a flow exporter w/ destination x.y.1.1, port 9991/UDP . But when I logon to the PI web interface, I don't see anyt...
Firepower rule (connection) logging to Syslog: When configuring a rule and 'Send Connection Events to', and Syslog is selected, what is source IP of the host sending the Syslog message? Is it the IP of the Firepower Management Center, or the source...
Just realizing that we don't have room on our ESXI server.
Can Prime be installed on a regular, current generation server (with sufficient CPU, RAM, & disk space)? Or is it only supported as a VM, or on the Cisco appliance hardware?
Thank you.
Is there a way to deny large file transfers for common TCP protocols (SMB, NFS, FTP, SMTP, RDP)? Say for files of size 10MB, or 100MB?
I know this is a very general question, but is there a way to stop file transfers once a certain threshold is hit...
It seems to be getting information from the switch (like CPU utilization), but not a ton of information as I would expect (like Top N interface utilization has nothing, no top protocols/applications, etc.). On the switch, I have the ip flow monitors...
That makes a lot more sense (that the source is the device/sensor). Wasn't seeing anything logged from the FMC. I'll adjust my firewall rules to allow the sensor, and this should work now.
Thank you.
So you are saying to address blocking bad IPs as source address is accomplished w/ an intrusion policy? I thought the old botnet license functioned differently? Thank you.
With Firepower, I see how 'known malware/botnet' sites can be blocked via URL filtering, as destination addresses.
But how about the case when one is trying to block known malware/botnet sites, as source addresses? I do not see where this can be c...
