Category Archives: Firepower

Cisco ASA w/ Firepower

1. Download the Cisco FireSIGHT Management Center Virtual Appliance from Cisco Support & Downloads site.
2. Download VM ESXI.
3. http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center-virtual-appliance/118645-configure-firesight-00.html

You need to have the following license:
Control License , Cisco Intrusion Protection (IPS)

http://www.thesecurityblogger.com/how-to-configure-an-asa-with-sourcefire-firepower-home-lab/

RDP Sourcefire via WEB

1. Health Monitor – Should be green

2. Health Policy – Enable the ff:
CPU Usage – Of the system
Card Reset – reset if something wrong is detected
Discovery Events Status –
User Agent Status Monitor –
3. Health Event – List of events of health check gives the status by the system run periodically.
4. Blacklist – If you want to disable the device (When you perform maintenance of the system and will not be available for a certain period of time)
5. Health monitor alert.
6. After Configuring Device Mgmt verify health policy the apply.

1. Local-System Policy – Configuration & System default policy.
2. Updates – Product update Download or Upload patch, Rule Updates and Geolocation Updates must be set.
3. Licenses – Add Licenses (REQ: Control License and IPS)
4. Monitoring –
5. After Configuring Device Mgmt verify health policy the apply.

1. Add group
2. Add device – Fill the following (Note: registration key must be the same with the Firewall Firepower.
3. SSH to firepower service – Make the firesight IP know to Firepower
>configure manager add 10.X.X.X (Firesight IP) cisco (key)
>Show managers (To verify)

1. Access Control – logging check the log at end of connection send to defense center.

ON FIREWALL: Need to redirect traffic to the service module.
1. Create ACL, Class map and policy map.
2. Verify Show service-policy.

164.1 – Creating network object to define IP address scope.
1. Individual Object (fillup name and network)
2. Modify Discovery policy delete the default and add the object

Policies > network discovery
Create new topology

164.3 – Create Policies
1. Policies > Action > Instances
2. Scanner NMAP

Advertisements

Firepower System Requirements

ASA FirePower FireSight System Installation
Cisco Firesight 5.3.1
For the prerequisite of the LAB:
– Running ESXI Version 5 or above
– 64 bit CPU with VT Supports and also enable
For the VM
– Minimum of 4core CPU
– Minimum of 4gb Memory
– 250 of Hard drive
– Download Defence center on cisco.com