Code Snippets
by Nazmul Rajib
Cisco Firepower Threat Defense (FTD)
Cover Page
Title Page
Copyright Page
About the Author
About the Technical Reviewer
Dedication
Acknowledgments
Contents at a Glance
Contents
Reader Services
Icons Used in This Book
Command Syntax Conventions
Introduction
Part I Troubleshooting and Administration of Hardware Platform
Chapter 1 Introduction to the Cisco Firepower Technology
History of Sourcefire
Evolution of Firepower
FirePOWER Versus Firepower
Firepower Threat Defense (FTD)
FirePOWER Service Versus Firepower Threat Defense (FTD)
Firepower System Software Components
Firepower System Hardware Platforms
Firepower Accessories
Summary
Chapter 2 FTD on ASA 5500-X Series Hardware
ASA Reimaging Essentials
Best Practices for FTD Installation on ASA Hardware
Installing and Configuring FTD
Fulfilling Prerequisites
Upgrading Firmware
Installing the Boot Image
Installing the System Software
Verification and Troubleshooting Tools
Navigating to the FTD CLI
Determining the Version of Installed Software
Determining the Free Disk Space on ASA Hardware
Deleting a File from a Storage Device
Determining the Availability of Any Storage Device or SSD
Determining the Version of the ROMMON Software or Firmware
Summary
Quiz
Chapter 3 FTD on the Firepower eXtensible Operating System (FXOS)
Firepower 9300 and 4100 Series Essentials
Architecture
Software Images
Firepower Extensible Operating System (FXOS)
FTD Software
Firmware
Web User Interfaces
Best Practices for FTD Installation on Firepower Hardware
Installing and Configuring FTD
Fulfilling Prerequisites
Deleting Any Existing Logical Devices
Upgrading the FXOS Software
Enabling Interfaces
Installing FTD
Uploading the FTD Software Image
Adding a Logical Device for FTD
Completing the Initialization of FTD
Verification and Troubleshooting Tools
Navigating to the FTD CLI
Verifying the FXOS Software
Verifying the Status of a Security Application
Verifying the Security Modules, Adapters, and Switch Fabric
Verifying the Hardware Chassis
Verifying the Power Supply Unit (PSU) Modules
Verifying the Fan Modules
Summary
Quiz
Chapter 4 Firepower Management Center (FMC) Hardware
FMC Component Essentials
On-Box Managers
Off-Box Managers
Cisco Integrated Management Controller (CIMC)
Internal USB Storage for the System_Restore Image
User Interfaces
Best Practices for FMC Reimage
Pre-installation Best Practices
Post-installation Best Practices
Installing and Configuring the FMC
Fulfilling Prerequisites
Configuration Steps
Step 1: Load the System_Restore Image
Step 2: Configure the Network Settings
Step 3: Choose a Transport Protocol
Step 4: Download and Mount an ISO File
Step 5: Run the Installation
Step 6: Initialize the System
Verification and Troubleshooting Tools
Identifying the FMC on a Rack
Determining the Hardware and Software Details of the FMC
Determining the RAID Battery Status
Determining the Status of a Power Supply Unit (PSU)
Checking Logs on the CLI
Enabling Alerts on the GUI
Performing a Complete Power Cycle
PSU Checklist
Verifying the Fans
Summary
Quiz
Chapter 5 Firepower System Virtual on VMware
FMC and FTD Virtual Essentials
Supported Virtual Environments
ESXi Versus VI
VMware Installation Package in a Tarball
Disk Provisioning Options
Best Practices for Firepower Virtual Appliance Deployment
Pre-deployment Best Practices
Post-deployment Best Practices
Installing and Configuring a Firepower Virtual Appliance
Fulfilling Prerequisites
Creating a Virtual Network
Creating a Network for FMC Virtual
Creating a Network for FTD Virtual
Using Promiscuous Mode
Deploying an OVF Template
Initializing an Appliance
Initializing an FMC Virtual Appliance
Initializing an FTD Virtual Appliance
Verification and Troubleshooting Tools
Determining the Status of Allocated Resources
Determining the Status of a Network Adapter
Upgrading a Network Adapter
Summary
Quiz
Part II Troubleshooting and Administration of Initial Deployment
Chapter 6 The Firepower Management Network
Firepower System Management Network Essentials
The FTD Management Interface
Designing a Firepower Management Network
Best Practices for Management Interface Configuration
Configuring a Management Network on FMC Hardware
Configuration Options
Using the GUI During the First Login
Using the GUI On Demand
Using the Command-Line Interface
Verification and Troubleshooting Tools
Configuring a Management Network on ASA Hardware
Configuration
Verification and Troubleshooting Tools
Configuring a Management Network on a Firepower Security Appliance
Configuring the FXOS Management Interface
Verification of the FXOS Management Interface Configuration
Configuring the FTD Management Interface
Verification of the FTD Management Interface Configuration
Summary
Quiz
Chapter 7 Firepower Licensing and Registration
Licensing Essentials
The Smart Licensing Architecture
Cisco Smart Software Manager (CSSM)
CSSM Satellite
Firepower Licenses
Best Practices for Licensing and Registration
Licensing a Firepower System
Licensing Configuration
Evaluation Mode
Registering with the CSSM
Verifying a Smart License Issue
Registering a Firepower System
Registration Configuration
Setting Up FTD
Setting Up the FMC
Verifying the Registration and Connection
Analyzing the Encrypted SFTunnel
Summary
Quiz
Chapter 8 Firepower Deployment in Routed Mode
Routed Mode Essentials
Best Practices for Routed Mode Configuration
Configuring Routed Mode
Fulfilling Prerequisites
Configuring the Firewall Mode
Configuring the Routed Interface
Configuring an Interface with a Static IP Address
DHCP Services
FTD as a DHCP Server
FTD as a DHCP Client
Verification and Troubleshooting Tools
Verifying the Interface Configuration
Verifying DHCP Settings
Summary
Quiz
Chapter 9 Firepower Deployment in Transparent Mode
Transparent Mode Essentials
Best Practices for Transparent Mode
Configuring Transparent Mode
Fulfilling Prerequisites
Changing the Firewall Mode
Deploying Transparent Mode in a Layer 2 Network
Configuring the Physical and Virtual Interfaces
Verifying the Interface Status
Verifying Basic Connectivity and Operations
Deploying an FTD Device Between Layer 3 Networks
Selecting the Default Action
Adding an Access Rule
Creating an Access Rule for SSH
Verifying Access Control Lists
Summary
Quiz
Part III Troubleshooting and Administration of Traffic Control
Chapter 10 Capturing Traffic for Advanced Analysis
Traffic Capture Essentials
Best Practices for Capturing Traffic
Configuring Firepower System for Traffic Analysis
Capturing Traffic from a Firepower Engine
tcpdump Options
Downloading a .pcap File Generated by Firepower Engine
Capturing Traffic from the Firewall Engine
Downloading a .pcap File Generated by Firewall Engine
Enabling HTTP Service in FTD
Capturing Traffic from the FMC
Downloading a .pcap File Generated by FMC
Verification and Troubleshooting Tools
Adding an Access Rule to Block ICMP Traffic
Analyzing the Traffic Flow by Using a Block Rule
Packet Processing by an Interface
Summary
Quiz
Chapter 11 Blocking Traffic Using Inline Interface Mode
Inline Mode Essentials
Inline Mode Versus Passive Mode
Inline Mode Versus Transparent Mode
Tracing a Packet Drop
Best Practices for Inline Mode Configuration
Configuring Inline Mode
Fulfilling Prerequisites
Creating an Inline Set
Verifying the Configuration
Verifying Packet Flow by Using packet-tracer
Verifying Packet Flow by Using Real Packet Capture
Enabling Fault Tolerance Features
Configuring Fault Tolerance Features
Verifying Fault Tolerance Features
Blocking a Specific Port
Configuring Blocking a Specific Port
Verifying Blocking of a Specific Port
Analyzing a Packet Drop by Using a Simulated Packet
Analyzing a Packet Drop by Using a Real Packet
Summary
Quiz
Chapter 12 Inspecting Traffic Without Blocking It
Traffic Inspection Essentials
Passive Monitoring Technology
Inline Versus Inline Tap Versus Passive
Best Practices for Detection-Only Deployment
Fulfilling Prerequisites
Inline Tap Mode
Configuring Inline Tap Mode
Verifying an Inline Tap Mode Configuration
Passive Interface Mode
Configuring Passive Interface Mode
Configuring Passive Interface Mode on an FTD Device
Configuring a SPAN Port on a Switch
Verifying a Passive Interface Mode Configuration
Analyzing Traffic Inspection Operation
Analyzing a Connection Event with a Block Action
Analyzing Live Traffic
Analyzing a Simulated Packet
Analyzing an Intrusion Event with an Inline Result
Summary
Quiz
Chapter 13 Handling Encapsulated Traffic
Encapsulation and Prefilter Policy Essentials
Best Practices for Adding a Prefilter Rule
Fulfilling Prerequisites
Transferring and Capturing Traffic on the Firewall Engine
Scenario 1: Analyzing Encapsulated Traffic
Configuring Policies to Analyze Encapsulated Traffic
Prefilter Policy Settings
Access Control Policy Settings
Verifying the Configuration and Connection
Analyzing Packet Flows
Scenario 2: Blocking Encapsulated Traffic
Configuring Policies to Block Encapsulated Traffic
Verifying the Configuration and Connection
Analyzing Packet Flows
Scenario 3: Bypassing Inspection
Configuring Policies to Bypass Inspection
Custom Prefilter Policy
Access Control Policy Settings
Verifying the Configuration and Connection
Analyzing Packet Flows
Summary
Quiz
Chapter 14 Bypassing Inspection and Trusting Traffic
Bypassing Inspection and Trusting Traffic Essentials
The Fastpath Rule
The Trust Rule
Best Practices for Bypassing Inspection
Fulfilling Prerequisites
Implementing Fastpath Through a Prefilter Policy
Configuring Traffic Bypassing
Configuring a Prefilter Policy
Invoking a Prefilter Policy in an Access Control Policy
Verifying the Prefilter Rule Configuration
Enabling Tools for Advanced Analysis
Analyzing the Fastpath Action
Establishing Trust Through an Access Policy
Configuring Trust with an Access Policy
Verifying the Trust Rule Configuration
Enabling Tools for Advanced Analysis
Analyzing the Trust Action
Using the Allow Action for Comparison
Summary
Quiz
Chapter 15 Rate Limiting Traffic
Rate Limiting Essentials
Best Practices for QoS Rules
Fulfilling Prerequisites
Configuring Rate Limiting
Verifying the Rate Limit of a File Transfer
Analyzing QoS Events and Statistics
Summary
Quiz
Part IV Troubleshooting and Administration of Next-Generation Security Features
Chapter 16 Blacklisting Suspicious Addresses by Using Security Intelligence
Security Intelligence Essentials
Input Methods
Best Practices for Blacklisting
Fulfilling Prerequisites
Configuring Blacklisting
Automatic Blacklist Using Cisco Intelligence Feed
Manual Blacklisting Using a Custom Intelligence List
Immediate Blacklisting Using a Connection Event
Adding an Address to a Blacklist
Deleting an Address from a Blacklist
Monitoring a Blacklist
Bypassing a Blacklist
Adding an Address to a Whitelist
Deleting an Address from a Whitelist
Verification and Troubleshooting Tools
Verifying the Download of the Latest Files
Verifying the Loading of Addresses into Memory
Finding a Specific Address in a List
Verifying URL-Based Security Intelligence Rules
Summary
Quiz
Chapter 17 Blocking a Domain Name System (DNS) Query
Firepower DNS Policy Essentials
Domain Name System (DNS)
Blocking of a DNS Query Using a Firepower System
DNS Rule Actions
Actions That Can Interrupt a DNS Query
Actions That Allow a DNS Query
Sources of Intelligence
Best Practices for Blocking DNS Query
Fulfilling Prerequisites
Configuring DNS Query Blocking
Adding a New DNS Rule
Invoking a DNS Policy
Verification and Troubleshooting Tools
Verifying the Configuration of a DNS Policy
Verifying the Operation of a DNS Policy
Summary
Quiz
Chapter 18 Filtering URLs Based on Category, Risk, and Reputation
URL Filtering Essentials
Reputation Index
Operational Architecture
Fulfilling Prerequisites
Best Practices for URL Filtering Configuration
Blocking URLs of a Certain Category
Configuring an Access Rule for URL Filtering
Verification and Troubleshooting Tools
Allowing a Specific URL
Configuring FTD to Allow a Specific URL
Verification and Troubleshooting Tools
Querying the Cloud for Uncategorized URLs
Configuring FMC to Perform a Query
Verification and Troubleshooting Tools
Summary
Quiz
Chapter 19 Discovering Network Applications and Controlling Application Traffic
Application Discovery Essentials
Application Detectors
Operational Architecture
Best Practices for Network Discovery Configuration
Fulfilling Prerequisites
Discovering Applications
Configuring a Network Discovery Policy
Verification and Troubleshooting Tools
Analyzing Application Discovery
Analyzing Host Discovery
Undiscovered New Hosts
Blocking Applications
Configuring Blocking of Applications
Verification and Troubleshooting Tools
Summary
Quiz
Chapter 20 Controlling File Transfer and Blocking the Spread of Malware
File Policy Essentials
File Type Detection Technology
Malware Analysis Technology
Licensing Capability
Best Practices for File Policy Deployment
Fulfilling Prerequisites
Configuring a File Policy
Creating a File Policy
Applying a File Policy
Verification and Troubleshooting Tools
Analyzing File Events
Analyzing Malware Events
The FMC Is Unable to Communicate with the Cloud
The FMC Performs a Cloud Lookup
FTD Blocks Malware
Overriding a Malware Disposition
Summary
Quiz
Chapter 21 Preventing Cyber Attacks by Blocking Intrusion Attempts
Firepower NGIPS Essentials
Network Analysis Policy and Preprocessor
Intrusion Policy and Snort Rules
System-Provided Variables
System-Provided Policies
Best Practices for Intrusion Policy Deployment
NGIPS Configuration
Configuring a Network Analysis Policy
Creating a New NAP with Default Settings
Modifying the Default Settings of a NAP
Configuring an Intrusion Policy
Creating a Policy with a Default Ruleset
Incorporating Firepower Recommendations
Enabling or Disabling an Intrusion Rule
Setting Up a Variable Set
Configuring an Access Control Policy
Verification and Troubleshooting Tools
Summary
Quiz
Chapter 22 Masquerading the Original IP Address of an Internal Network Host
NAT Essentials
NAT Techniques
NAT Rule Types
Best Practices for NAT Deployment
Fulfilling Prerequisites
Configuring NAT
Masquerading a Source Address (Source NAT for Outbound Connection)
Configuring a Dynamic NAT Rule
Verifying the Configuration
Verifying the Operation: Inside to Outside
Verifying the Operation: Outside to Inside
Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection)
Configuring a Static NAT Rule
Verifying the Operation: Outside to DMZ
Summary
Quiz
Appendix A Answers to the Review Questions
Appendix B Generating and Collecting Troubleshooting Files Using the GUI
Generating Troubleshooting Files with the GUI
Appendix C Generating and Collecting Troubleshooting Files Using the CLI
Generating Troubleshooting Files at the FTD CLI
Downloading a File by Using the GUI
Copying a File by Using the CLI
Generating Troubleshooting Files at the FMC CLI
Index