
ASA with FirePOWER Services

Traffic Inspection
MPF Traffic Redirection
Modular Policy Framework (MPF) is used to hand matched traffic to the FirePOWER (SFR) module
Match the traffic to be inspected
Configure a class-map (typically matching an access-list)
The default inspection class-map cannot be reused, because its match (default-inspection-traffic) supports only inspect actions
Redirect the matched traffic to FirePOWER
Configure a policy-map (optionally reuse the default global_policy)
Apply the redirection
Configure a service-policy (globally or per interface)
Copyright www.ine.com
MPF Traffic Redirection Options
Three options are available (two failure modes plus a modifier)
Closed mode (sfr fail-close)
If FirePOWER is unavailable, all traffic matched for redirection is dropped by the ASA
Open mode (sfr fail-open)
If FirePOWER is unavailable, all traffic matched for redirection is allowed or dropped based on the ASA configuration alone
Monitor-only (modifier added to closed or open mode)
Intended for evaluation/demonstration, not enforcement
The ASA sends a read-only copy of the matched traffic to FirePOWER
Matched traffic cannot be dropped by FirePOWER in this mode
MPF Traffic Redirection Configuration
Configure an access-list matching the traffic to redirect
  access-list SFR extended permit ip any any
Configure a class-map referencing it
  class-map SFR
   match access-list SFR
Configure the policy-map (here the default global_policy is reused)
  policy-map global_policy
   class SFR
    sfr fail-open
Enforce inspection by FirePOWER by applying the policy
  service-policy global_policy global

MPF Traffic Redirection Verification
Verify packets redirected and dropped (per-class SFR counters, module status and mode)
  show service-policy global sfr
Verify why flows were dropped (FirePOWER verdict, fail-close while the module was down, bad flow handle)
  show asp drop flow sfr-request
  show asp drop flow sfr-fail-close
  show asp drop flow sfr-bad-hdl
Verify that individual connections are flagged for SFR redirection
  show conn detail
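The redirection options and the verification commands above are easiest to reason about together: the per-class SFR counters say how much traffic was handed to the module and in which mode, and the ASP drop counters say why matched flows were dropped. The following Python helper is an added example, not part of the INE slides or of any Cisco tool: it parses constructed sample output of `show service-policy global sfr` and `show asp drop` (the exact line formats are assumed from typical ASA output and may differ by release) and turns the counters into findings that map back to the fail-open / fail-close / monitor-only semantics described on the slides.

```python
"""Summarise FirePOWER (SFR) redirection health from ASA show output.

Added example. The two sample outputs below are constructed, and the
line formats the regular expressions expect are assumptions about
typical ASA output, not a verified specification.
"""
import re

# Constructed sample of 'show service-policy global sfr' (format assumed)
SHOW_SERVICE_POLICY = """\
Global policy:
  Service-policy: global_policy
    Class-map: SFR
      SFR: card status Up, mode fail-open
        packet input 158342, packet output 158211, drop 131, reset-drop 0
"""

# Constructed sample of 'show asp drop' (format assumed)
SHOW_ASP_DROP = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                     412
  First TCP packet not SYN (tcp-not-syn)                            37

Flow drop:
  SFR Module requested drop (sfr-request)                          131
  SFR fail-close (sfr-fail-close)                                    0
  Bad SFR flow handle (sfr-bad-hdl)                                  0
"""

# "SFR: card status <Up|Down>, mode <fail-open|fail-close>[ monitor-only]"
# followed by the per-class packet counters on the next line.
SFR_RE = re.compile(
    r"SFR: card status (?P<status>\S+), mode (?P<mode>[\w -]+?)\n"
    r"[ \t]*packet input (?P<pin>\d+), packet output (?P<pout>\d+), "
    r"drop (?P<drop>\d+), reset-drop (?P<rdrop>\d+)"
)

# "  <description> (<reason-name>)   <count>"  -- one ASP drop reason per line
ASP_RE = re.compile(r"^[ \t]+.*\((?P<reason>[\w-]+)\)[ \t]+(?P<count>\d+)[ \t]*$", re.M)


def parse_service_policy(text):
    """Return module status, configured mode and SFR class counters."""
    m = SFR_RE.search(text)
    if not m:
        raise ValueError("no SFR class statistics found in service-policy output")
    d = m.groupdict()
    return {
        "status": d["status"],
        "mode": d["mode"].strip(),
        "input": int(d["pin"]),
        "output": int(d["pout"]),
        "drop": int(d["drop"]),
        "reset_drop": int(d["rdrop"]),
    }


def parse_asp_drop(text):
    """Return {drop-reason-name: count} for every counter line."""
    return {m["reason"]: int(m["count"]) for m in ASP_RE.finditer(text)}


def assess(sp, asp):
    """Map the counters onto the fail-open / fail-close / monitor-only semantics."""
    findings = []
    monitor_only = "monitor-only" in sp["mode"]
    fail_close = sp["mode"].startswith("fail-close")

    if sp["status"].lower() != "up":
        if fail_close:
            findings.append("module down in fail-close: ASA drops all matched traffic (see sfr-fail-close)")
        else:
            findings.append("module down in fail-open: matched traffic bypasses FirePOWER inspection")

    if asp.get("sfr-fail-close", 0):
        findings.append(f"{asp['sfr-fail-close']} flows dropped by ASA because the module was unavailable")

    if asp.get("sfr-request", 0):
        if monitor_only:
            # The module only sees a copy in monitor-only mode, so verdict drops are unexpected.
            findings.append("sfr-request drops while monitor-only is configured: verify the class/policy actually in effect")
        else:
            findings.append(f"{asp['sfr-request']} flows dropped on FirePOWER verdict")

    if asp.get("sfr-bad-hdl", 0):
        findings.append(f"{asp['sfr-bad-hdl']} flows dropped with a bad SFR flow handle (module/ASA state mismatch)")

    if sp["input"] == 0:
        findings.append("no packets redirected: check that the class-map matches and the service-policy is applied")

    return findings


if __name__ == "__main__":
    sp = parse_service_policy(SHOW_SERVICE_POLICY)
    asp = parse_asp_drop(SHOW_ASP_DROP)
    print(sp)
    for f in assess(sp, asp):
        print("-", f)
```

Run it against real output by piping the two show commands into the parsers; if the counters on your release are laid out differently, only the two regular expressions need adjusting.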

FirePOWER Demo Mode
Not recommended for production environments
The ASA has to be configured in transparent mode
SPAN (mirror) traffic to one of the ASA interfaces
Configure that ASA interface as follows, so the ASA forwards a read-only copy to FirePOWER without passing it through its own policy
  interface GigabitEthernet0/1
   traffic-forward sfr monitor-only
   no shutdown

Q&A

