Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339

Agenda
- Introduction to Lab Exercises
- Platforms and Solutions
- ASA with Firepower Services Architecture

Introduction to Lab Exercises

Session Objectives
- Upon successful completion of this session, the attendee will be able to understand how Sourcefire technologies are deployed on the ASA. In addition, many of the new Firepower 6.0 features will be covered.
- The lab assumes some familiarity with the ASA. Familiarity with Sourcefire is useful, but not necessary.
- Disclaimer: This is neither comprehensive ASA training nor comprehensive Sourcefire training. The focus of this lab is how the two are integrated.

Expectations
- There are 8 labs. You should be able to complete the first 4 lab exercises in the time allotted.
- If you want to have more time to work on a lab, you can work on these labs from your hotel over the rest of the week, or contact me (erkostla@cisco.com) starting next week, and we can work something out.
- The lab exercise flow is shown below. More details about lab exercise dependencies appear on Page 3 of the Student Guide.

Lab Exercises
- Lab Exercise 1: Initial SFR Configuration
- Lab Exercise 2: Basic Policy Configuration
- Lab Exercise 3: Security Intelligence
- Lab Exercise 4: Snort and OpenAppID
- Lab Exercise 5: SSL Decryption
- Lab Exercise 6: File Policy Configuration
- Lab Exercise 7: Identity
- Lab Exercise 8: Domains

Lab Exercises and new 6.0 features
- Lab Exercise 1: Initial SFR Configuration: one-box management
- Lab Exercise 2: Basic Policy Configuration: policy hierarchy
- Lab Exercise 3: Security Intelligence: URL-based SI, DNS sinkholing
- Lab Exercise 4: Snort and OpenAppID: AVC using OpenAppID
- Lab Exercise 5: SSL Decryption: SSL decryption on ASA with FirePOWER
- Lab Exercise 6: File Policy Configuration: enhanced AMP capabilities
- Lab Exercise 7: Identity: active authentication, ISE for passive authentication
- Lab Exercise 8: Domains: multi-tenancy for management

Platforms and Solutions

What is Cisco Firepower? Historical perspective
- Snort created: created by Martin Roesch in 1998. Snort is both a language and an engine. The open source community rapidly adopts and develops Snort.
- Sourcefire founded: founded in 2001 by Martin Roesch; created a commercial version of Snort.
- Sourcefire acquires Immunet, a cloud-based anti-malware vendor; acquisition completed in 2011.
- Cisco acquires Sourcefire; acquisition completed in 2013 for $2,700,000,000.

Cisco IPS and firewall offerings
- ASA: traditional firewall.
- Firepower appliances: stand-alone NGIPS with limited firewall capabilities.
- ASA with Firepower Services: combination of ASA and Firepower; complete feature set from both solutions.
- Next Generation Firewall (NGFW), to be released in March: integrated data plane, integrated management.

Cisco ASA Firewalls: Next-Generation (firewall throughput, connections per second)
- ASA 5506-X (750 Mbps, 5K conn/s)
- ASA 5508-X (1 Gbps, 10K conn/s)
- ASA 5512-X (500 Mbps, 10K conn/s)
- ASA 5515-X (750 Mbps, 15K conn/s)
- ASA 5516-X (1.8 Gbps, 20K conn/s)
- ASA 5525-X (2 Gbps, 20K conn/s)
- ASA 5545-X (3 Gbps, 30K conn/s)
- ASA 5555-X (4 Gbps, 50K conn/s)
- ASA 5585 SSP10 (4 Gbps, 65K conn/s)
- ASA 5585 SSP20 (10 Gbps, 140K conn/s)
- ASA 5585 SSP40 (20 Gbps, 240K conn/s)
- ASA 5585 SSP60 (40 Gbps, 350K conn/s)
(Chart: firewall and VPN models positioned by deployment size, from Teleworker through Branch Office, Internet Edge and Campus to Data Center.)

Scaling Provided by Clustering
- Up to 16 ASA-X appliances in a cluster.
- For the ASA 5585-X: firewall maximum throughput 640 Gbps; FirePOWER IPS throughput at 440-byte packets 96 Gbps.
- Each Sourcefire sensor is an independent instance.
- ASAs share connection state information; Sourcefire sensors do not share signature state information.
- State sharing between firewalls provides symmetry and high availability.
- Every session has a primary owner; ownership is managed by the director node.
- The ASA provides traffic symmetry to the FirePOWER module.

Multi-Context Support
- Security contexts share a single Sourcefire instance.
- Context IDs are passed from the ASA to Sourcefire when ASA interfaces are discovered.
- Events passed to FireSIGHT include the Context IDs.

Firepower Integration into Cisco Products (chart: FP 8000 Series NGIPS appliances, 2 Gbps to 60 Gbps)

Securing the Internet of Things: Industrial Security Appliance (ISA)
- Software: firewall is ASA; IPS is Sourcefire FirePOWER Services.
- Identify and block threats: generic, OT protocol specific, OT application specific.
- Application Visibility and Control: protocols, applications, individual commands.

ASA with Firepower Services Architecture

ASA with FirePOWER Services: Functional Distribution of Features
- FirePOWER Services: URL Category/Reputation, NGIPS, Application Visibility and Control, Advanced Malware Protection, Security Intelligence, SSL decryption, file type filtering, file capture.
- ASA: TCP Normalization, TCP Intercept, IP Option Inspection, IP Fragmentation, Botnet Traffic Filter, NAT, Routing, ACL, VPN Termination.

ASA 5585-X with FirePOWER Services: packet flow overview
- The ASA module processes all ingress and egress packets.
- No packets are directly processed by FirePOWER except for those on the FirePOWER management port.
- The ASA configures and controls the FirePOWER Services module.
- The logical flow is similar for mid-range ASAs.

ASA with FirePOWER Services 5.4 / FirePOWER physical appliances: packet flow between the solution components
1. Ingress processing: inbound ACLs, IP defragmentation, TCP normalization, TCP intercept, protocol inspection, clustering/HA traffic control, VPN decryption, etc.
2. Sourcefire Services processing: URL filtering, AVC, NGIPS, AMP, etc.
3. Egress processing: outbound ACLs, NAT, routing, VPN encryption, etc.
- Packets are redirected using the Cisco ASA Modular Policy Framework (MPF).
- MPF supports fail-open, fail-closed and monitor-only options.
- MPF determines which traffic is sent to the FirePOWER Services module.
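The MPF redirection just described, as an added configuration example that is not from the original slides: an ASA class-map/policy-map that sends selected traffic to the SFR module, with the fail-open, fail-close and monitor-only variants the slide lists. The names SFR_REDIRECT and SFR_CLASS and the 192.0.2.0/24 addresses are assumptions; the exempted host is constructed.

```cisco
! Added example (not from the slides). Select the traffic the module should inspect.
! Constructed exemption: one internal server whose HTTPS is handled elsewhere.
access-list SFR_REDIRECT extended deny tcp any host 192.0.2.25 eq 443
access-list SFR_REDIRECT extended permit ip any any
!
class-map SFR_CLASS
 match access-list SFR_REDIRECT
!
! global_policy is the default global service policy on the ASA; the class is added to it.
policy-map global_policy
 class SFR_CLASS
  ! fail-open: if the module is down or unresponsive, matching traffic passes uninspected
  !            (availability over inspection; an attacker gains a window while the module is down)
  sfr fail-open
  ! Alternatives for the same class:
  ! sfr fail-close            -> matching traffic is dropped while the module is down
  !                              (inspection over availability)
  ! sfr fail-open monitor-only -> a copy is sent to the module; it can alert but never block
  !                              (passive evaluation before turning on inline blocking)
!
service-policy global_policy global
!
! Verification: confirm the redirect is active and see per-class counters.
! show service-policy sfr
! show module sfr details
```

Whichever failure mode is chosen, an operator should alert on module state changes (`show module sfr details`), because under fail-open a down module silently removes all NGIPS, AMP and URL controls from the traffic path.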

Sample Solution Architecture with Management

Call to Action
- Visit the World of Solutions for Cisco Campus, Walk-in Labs, Technical Solution Clinics, and Meet the Engineer.
- Lunch and Learn Topics.
- DevNet zone related sessions.

Complete Your Online Session Evaluation
- Please complete your online session evaluations after each session.
- Complete 4 session evaluations and the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt.
- All surveys can be completed via the Cisco Live Mobile App or the Communication Stations.

Thank you

What is Snort?
- Snort is an engine: it parses network protocols.
- Snort is a language: rules to analyze network traffic.
- Snort is a community: more than 400,000 active members.
- Processing pipeline (diagram): network -> DAQ libraries -> packet decoder -> preprocessors -> detection engine -> output module -> alert and log files.

Best Practice physical configuration (5500-X)
- ASA managed in-band (from the inside interface).
- FirePOWER module managed via the M0/0 Management Interface.
- No nameif assigned to the ASA M0/0 interface.
- The ASA inside interface and FirePOWER management can share the same Layer 2 domain and IP subnet.
- Access from the inside to the FirePOWER module goes through the switch/router, without ASA involvement.
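The M0/0 best practice above, as an added example that is not from the original slides: the ASA side leaves Management0/0 without a nameif so the ASA itself never forwards to or from the module's management address, and the module's own management IP is set from its console. The 192.0.2.0/24 addresses, the inside-subnet assumption and the FMC placeholder are assumptions; with one-box (ASDM) management the `configure manager add` line is not needed.

```cisco
! Added example (not from the slides). ASA side: dedicate M0/0 to the module and
! keep it out of the ASA's data plane (no nameif, no IP, management-only).
interface Management0/0
 management-only
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Module side: open the module console from the ASA CLI, then at the module's own
! CLI assign its management address on the inside subnet (addresses are constructed).
! The module is then reached from the inside network via the switch, not via the ASA.
session sfr console
!  > configure network ipv4 manual 192.0.2.20 255.255.255.0 192.0.2.1
!  > show network
!  Off-box management only: register to a Firepower Management Center
!  (FMC address and key are placeholders).
!  > configure manager add 192.0.2.50 <REGISTRATION-KEY-PLACEHOLDER>
```

Because the module's management interface sits on the inside subnet without ASA enforcement, restrict who can reach it at the switch or with the module's own access controls, since it exposes the policy and event plane of the sensor.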