CUC (6) CUCM (28) Jabber (6) Python (2) Routing (3) Solarwinds Orion NPM (4) switching (1) Video (6) voice (3)

Sunday, 17 December 2017

Directing traffic from your ASA to a Firepower module

I d like to do a little post on how to direct traffic to your firepower module, cos without directing traffic to it, really IPS and Malware analyses are no good, so you will need to give the firepower module something to work with, sort of the same as 'interesting traffic' on a crypto map.

Typically all traffic is directed to your firepower module, even if you want to do only IPS and Malware detection, keeping all your Access-list/policies on your ASA, in which case you simply dont create any acces-lists on your firepower module and leave all L3/L4 filtering to the tradition of the ASA

So first verify if your FP module is inserted, 

ASA-FW1# sh module

Mod  Card Type                                                                 Model              Serial No.
---- --------------------------------------------                      ------------------ -----------
   1 ASA 5516-X with FirePOWER services, 8GE, AC,             ASA5516            JADxyz
 sfr FirePOWER Services Software Module                            ASA5516            JADxyz

you will now need to install the software on it. I will not go into detail, so use

If you decide to deploy your firepower module inline, you will need to define what traffic you want to send to your firepower module you will need to put some configuration in place on the ASA. Typically all traffic is directed to the Firepower module. (match any in the confuguration example below). First the class map firepower matches all traffic and is then applied to the global policy map, in conjucntion with the sfr fail-open command bringing the firepower module inline.

class-map firepower
 match any
policy-map global_policy
 class firepower
  sfr fail-open

You can verify if the firepower module is receiving any traffic by going to the Firesight manager centre and analyse the connection events. 


No comments:

Post a Comment