INTRODUCTION TO FIREPOWER

  • By
  • October 7, 2019
  • Firewall

Traditional "defense in depth" architectures usually force organizations to buy multiple security solutions, such as firewalls, VPN gateways, web filters, and other appliances, from completely different vendors. This approach increases complexity, because the products don't always work well together, and the absence of unified protection creates multiple blind spots.

For Free Demo classes Call: 7798058777
Registration Link: Click Here!

Attackers exploit these gaps, leaving organizations vulnerable and too often unaware of threats and attacks. Enterprises typically need to hire many dedicated teams to install and manage these disconnected security solutions. These teams attempt to compensate for gaps in visibility and threat protection with manual processes that are inefficient, unreliable, and costly. This environment prevents rapid responses to the fast-changing threat landscape. With Cisco ASA with FirePOWER Services, you get multiple strong security layers in a single platform, reducing the cost of buying and managing multiple solutions. This integrated approach combines best-in-class security technology with multi-layer protection in a single device that is more cost effective than piecemeal security solutions. You also get much greater visibility into what is happening on your network, far beyond what traditional solutions provide. With full contextual awareness you can see all the resources you are responsible for protecting, and the blind spots that are avenues for exploitation are eliminated. Full visibility lets you better detect and rank threats based on their risk: their possible impact is assessed and prioritized automatically, while the number of events requiring monitoring and response is reduced.

Features and benefits:

Cisco ASA with FirePOWER Services provides:

  • Precise application visibility and control (AVC). More than 3000 application-layer and risk-based controls can invoke tailored IPS threat-detection policies to improve security effectiveness.
  • Industry-leading Cisco ASA with FirePOWER NGIPS. Highly effective threat prevention and a full contextual awareness of users, infrastructure, applications, and content help you detect multi-vector threats and automate the defense response.
  • Reputation- and category-based URL filtering. This filtering provides comprehensive alerting and control over suspect web traffic. It enforces policies on hundreds of millions of URLs in more than 80 categories.
  • Advanced malware protection. Effective breach detection with low TCO offers protection value. Discover, understand, and stop malware and emerging threats missed by other security layers.

Setting up ASA firepower

This section walks through setting up the ASA and the Firepower Management Center (FMC).

To start, configure the ASA side. The first step is the time and DNS information. Using UTC on every device makes log correlation easier, and the NTP server should be the same one all devices in your lab or production environment use:

clock timezone UTC 0 <- UTC on every device keeps timestamps comparable across logs
ntp server 10.1.100.1 <- the NTP server that all your devices will be using
dns domain-lookup inside <- uses the inside interface for DNS look-ups
dns server-group DefaultDNS <- name-server is entered under the DNS server group
 name-server 10.1.100.40 <- the DNS server

Next, configure the class-map and policy-map that redirect traffic to the internal Firepower module for inspection:

class-map SFR <- creates the class-map
 match any <- matches ALL traffic. You can also create an ACL and match that ACL instead, so that only selected flows are redirected
policy-map global_policy <- enters the global_policy context
 class SFR <- adds the class to the policy-map
  sfr {fail-close | fail-open} [monitor-only] <- the redirect action, see below

There are a couple of options on the sfr line. fail-open means that if the Firepower software module is unavailable, the ASA continues to forward traffic, uninspected. fail-close means that if the module fails, traffic stops flowing; while this does not seem ideal, there is a use case for it in highly regulated environments where passing uninspected traffic is worse than an outage. The monitor-only keyword can be combined with either mode and puts the Firepower module into IDS mode: it receives a copy of the traffic and can alert, but cannot block. This is useful for initial testing or setup, but remove it before relying on the module for prevention. Note that the redirect only takes effect because global_policy is applied with "service-policy global_policy global", which is part of the ASA default configuration; if it has been removed, re-add it.

Next, enable the management interface. The Firepower module's own management address (configured in the next step) is reached through this physical Management port, so the network it sits on must be reachable from the FMC:

interface management 1/1
 management-only
 nameif management
 security-level 100
 no shut
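The ASA side is finished at this point. As an added example, not part of the original article or of Cisco's tooling, here is a small Python audit that reads a saved "show running-config" dump and checks the settings above: that some class is redirected with sfr, which fail mode is set and whether monitor-only is on, that the policy-map holding the sfr action is actually the global service policy, and that an NTP server and a management-only interface exist. The running-config embedded in it is constructed for the example and deliberately uses fail-open monitor-only, the IDS-style setting described above, so the audit has something to warn about.

```python
import re

# Constructed sample running-config (not a real device). It mirrors the
# commands above but uses fail-open monitor-only, the IDS-style setting
# used for initial testing.
SAMPLE_CONFIG = """\
hostname asa-lab
clock timezone UTC 0
ntp server 10.1.100.1
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.1.100.40
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 10.1.100.10 255.255.255.0
!
class-map inspection_default
 match default-inspection-traffic
class-map SFR
 match any
!
policy-map global_policy
 class inspection_default
  inspect dns
 class SFR
  sfr fail-open monitor-only
!
service-policy global_policy global
"""

# "sfr fail-open" or "sfr fail-close", optionally followed by monitor-only.
SFR_RE = re.compile(r"^sfr\s+(fail-open|fail-close)(?:\s+(monitor-only))?$")


def _blocks(config):
    """Yield (header, [stripped indented lines]) for each top-level block."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] != " ":
            if header is not None:
                yield header, body
            header, body = raw.strip(), []
        else:
            body.append(raw.strip())
    if header is not None:
        yield header, body


def audit_sfr_redirect(config):
    """Return findings about the SFR redirect and its supporting settings."""
    f = {
        "sfr_class": None,            # class whose body carries the sfr action
        "class_match": [],            # match clauses of that class-map
        "fail_mode": None,            # "fail-open" or "fail-close"
        "monitor_only": False,
        "sfr_policy_map": None,
        "global_service_policy": None,
        "ntp_servers": [],
        "management_only_interfaces": [],
        "warnings": [],
    }
    class_maps = {}
    for header, body in _blocks(config):
        words = header.split()
        if words[0] == "class-map":
            class_maps[words[-1]] = [l for l in body if l.startswith("match ")]
        elif words[0] == "policy-map":
            current_class = None
            for line in body:
                if line.startswith("class "):
                    current_class = line.split()[1]
                    continue
                m = SFR_RE.match(line)
                if m and current_class:
                    f["sfr_policy_map"] = words[-1]
                    f["sfr_class"] = current_class
                    f["fail_mode"] = m.group(1)
                    f["monitor_only"] = m.group(2) is not None
        elif words[0] == "service-policy" and words[-1] == "global":
            f["global_service_policy"] = words[1]
        elif words[:2] == ["ntp", "server"]:
            f["ntp_servers"].append(words[2])
        elif words[0] == "interface" and "management-only" in body:
            f["management_only_interfaces"].append(words[1])

    warn = f["warnings"].append
    if f["sfr_class"] is None:
        warn("no sfr action in any policy-map: nothing is redirected to the module")
    else:
        f["class_match"] = class_maps.get(f["sfr_class"], [])
        if not f["class_match"]:
            warn("class %s has no match clause: the sfr action never fires" % f["sfr_class"])
        if f["sfr_policy_map"] != f["global_service_policy"]:
            warn("policy-map %s holds the sfr action but is not the global service policy" % f["sfr_policy_map"])
        if f["monitor_only"]:
            warn("monitor-only: the module sees a copy of the traffic and cannot block (IDS mode)")
        if f["fail_mode"] == "fail-open":
            warn("fail-open: traffic is forwarded uninspected if the module goes down")
    if not f["ntp_servers"]:
        warn("no NTP server: event timestamps will not line up with the FMC")
    if not f["management_only_interfaces"]:
        warn("no management-only interface: module management shares a data interface")
    return f


if __name__ == "__main__":
    for warning in audit_sfr_redirect(SAMPLE_CONFIG)["warnings"]:
        print("WARN:", warning)
```

Run it against a saved config and the two warnings for the sample (monitor-only and fail-open) are exactly the two decisions you must revisit before going to production; swapping the sfr line for "sfr fail-close" makes the warning list empty.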

After configuring this, log in to the Firepower module of the ASA by issuing the following command:

session sfr console

At that point, use the default username and password to log in. If you are using Firepower 5.4 or below, the default credentials are admin/Sourcefire; in Firepower 6.x and above they are admin/Admin123. In my lab I am using Firepower 6.0.1. After the first login you have to accept the EULA and are then prompted to configure network information; change the default password at this point if the setup does not force you to. If you do not get that prompt and just land at the ">" prompt, enter the following to configure the IP information:

configure network ipv4 manual <ip-address> <network-mask> <gateway>

After configuring the IP address, point the Firepower module at the Firepower Management Center for management. The shared key is a registration secret you choose here; you will enter the same value on the FMC when adding the device, and registration fails if the two do not match:

configure manager add <FMC-IP-Address> <shared-key>

Next, start the Firepower Management Center and log in at its console with the default credentials. You still need to configure the network by issuing the following command:

sudo configure-network

It will walk you through the network configuration script and save the configuration once you have entered all the applicable information. Open a browser, navigate to the IP address you just configured for the FMC, and log in with the default credentials. The initial setup page appears.

On this page, fill out the following:

  • New password
  • IP address, mask, and default gateway
  • Hostname of the FMC
  • Domain for the FMC
  • DNS server information
  • NTP server information, or set the clock manually
  • Timezone
  • Whether to install the product update and the rule updates
  • Licenses to upload and apply, if you are using classic licenses

Click Apply when done and it should take a little time for this to apply to the FMC.

After the configuration has been applied, you are taken to the FMC GUI. Navigate to Devices > Device Management and click Add > Add Group. This step is optional, but you can create logical groups here to add your devices to for ease of management and organization. Then click Add > Add Device to add the Firepower module from your ASA using the IP address you just configured.

In the Add Device window, fill in the following:

  • Host: the hostname or IP address of the device
  • Display Name: the name the FMC shows for the device
  • Registration Key: the shared key you entered on the Firepower module with configure manager add; the two values must match
  • Group: the device group, if you created one
  • Access Control Policy: the device needs an access control policy assigned to it. If you have not created one, choose New from the drop-down and create one with a base policy of Intrusion Prevention (optionally choosing a base intrusion policy), Network Discovery, or Block all traffic
  • Licensing: choose the licenses that will be applied to the device, including Protection (intrusion detection and prevention, file control, and Security Intelligence filtering), Control (user and application control), Malware (network-based Advanced Malware Protection), URL Filtering (category- and reputation-based URL filtering), and VPN (7000/8000 series appliances only; not applicable to ASA with Firepower)

There is an optional NAT ID setting under Advanced Settings. It is a unique string used when the device and the FMC are separated by NAT, so that the side behind the NAT does not need an address the other side can reach; it must match the NAT ID given as the third argument to configure manager add on the module.

Click Register to join the device to the FMC for management. This takes a few minutes, as the access control policy is deployed as part of registration. After the device is connected, click the device name in Device Management, choose the Interfaces tab, and edit the interfaces. Here you can create an "inside" zone and an "outside" zone corresponding to each interface. This is not required, but it helps later when creating access control policy rules based on source and destination zone; keep in mind that a rule which specifies a zone will never match traffic on an interface that has not been assigned to one.
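To make the point about zones concrete, the following is an added illustration and not Firepower's own code: a minimal model of access control policy evaluation (rules are tried top-down, the first match wins, otherwise the policy's default action applies) plus a check for rules that an earlier rule fully covers and that therefore can never match. It models only zones, networks and action; real rules also carry ports, applications, users and URLs, and Security Intelligence runs before the rules. The rule set, zone names and flows are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"  # wildcard for a zone or network condition


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str   # zone name or ANY
    dst_zone: str
    src_net: str    # CIDR or ANY
    dst_net: str
    action: str     # "allow" or "block"


def _zone_matches(rule_zone, flow_zone):
    # A flow on an interface with no zone assigned (None) matches only ANY.
    return rule_zone == ANY or (flow_zone is not None and rule_zone == flow_zone)


def _net_matches(rule_net, addr):
    return rule_net == ANY or ip_address(addr) in ip_network(rule_net)


def evaluate(rules, default_action, flow):
    """Return (matching rule name or 'default', action) for one flow.

    flow is (src_zone, dst_zone, src_ip, dst_ip). Rules are tried in order
    and the first match wins; if none matches, the default action applies.
    """
    src_zone, dst_zone, src_ip, dst_ip = flow
    for rule in rules:
        if (_zone_matches(rule.src_zone, src_zone)
                and _zone_matches(rule.dst_zone, dst_zone)
                and _net_matches(rule.src_net, src_ip)
                and _net_matches(rule.dst_net, dst_ip)):
            return rule.name, rule.action
    return "default", default_action


def _zone_covers(outer, inner):
    return outer == ANY or outer == inner


def _net_covers(outer, inner):
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def shadowed(rules):
    """Return (rule, earlier_rule) name pairs where the earlier rule covers
    every flow the later one could match, so the later rule is dead."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_zone_covers(earlier.src_zone, later.src_zone)
                    and _zone_covers(earlier.dst_zone, later.dst_zone)
                    and _net_covers(earlier.src_net, later.src_net)
                    and _net_covers(earlier.dst_net, later.dst_net)):
                dead.append((later.name, earlier.name))
                break
    return dead


# Constructed rule set: the server block is ordered after a broader allow,
# so it can never take effect.
SAMPLE_RULES = [
    Rule("allow-inside-out", "inside", "outside", "10.1.0.0/16", ANY, "allow"),
    Rule("block-servers-out", "inside", "outside", "10.1.100.0/24", ANY, "block"),
    Rule("block-guest", ANY, "outside", "192.168.50.0/24", ANY, "block"),
]

if __name__ == "__main__":
    print("dead rules:", shadowed(SAMPLE_RULES))
    print(evaluate(SAMPLE_RULES, "block", ("inside", "outside", "10.1.100.5", "8.8.8.8")))
    print(evaluate(SAMPLE_RULES, "block", (None, "outside", "10.1.5.5", "8.8.8.8")))
```

The second evaluation shows the zone point from the text: a host whose interface is in no zone falls past every zone-constrained rule to the default action, even though its address is inside the allowed network.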

I also like to set up email settings for alerts. To do so, navigate to System > Configuration > Email Notification and enter your mail relay settings.

Note: if you are using Gmail for a home lab, you must enable mail relay in your Gmail settings before the FMC can send through it.

Other settings you should be aware of under System > Configuration:

  • Access List: configure which networks and which ports can reach the FMC. By default the FMC accepts HTTPS and SSH from any address, so restrict this to your management subnets.
  • Process: shut down and restart the FMC
  • Login Banner: configure a login banner for people logging in to the GUI or the CLI of the FMC
  • SNMP: configure an SNMP community string for the FMC
  • Change Reconciliation: have a report of configuration changes emailed to you at a specified time

 

Next, create a platform settings policy, which configures system settings for the managed devices. Navigate to Devices > Platform Settings and click Add Policy. In this policy I make sure the device syncs its time with the same NTP source as the FMC, so that events from the ASA module and from the FMC line up. You can also configure a login banner, SNMP settings, access lists, and other settings for the managed devices here.

Navigate to Objects > Object Management to create network objects and network group objects that define your networks. Click Add Network > Add Object to add a single network object, or Add Group to build a group of objects that you can then reference in rules.

If you want to go further, the Cisco ASA Firepower Training Course is one option.

Author:

Gawli, Nitin
Security Trainer
SevenMentor Pvt Ltd

 


Call the Trainer and Book your free demo Class for now!!!


© Copyright 2019 | Sevenmentor Pvt Ltd.
