Monthly Archives: May 2015

FireSIGHT backup and restore

Before we make a short summer break, let’s do one important step in our Sourcefire saga – backup and restore. This is our lab environment with lots of changes, so it would be nice if we had the option to … Continue reading

Posted in Cisco, FirePOWER, Firewall, IPS, Security, Sourcefire | Tagged , , , | 2 Comments

Sourcefire Custom IPS Signatures Using Signature Editor

Up until this point we relied on Cisco/Sourcefire to provide us with signatures that will protect our network. But, at some point in our IPS expert career the need will arise to create our own signatures. This time we will … Continue reading

Posted in Cisco, FirePOWER, Firewall, IPS, Security, Sourcefire | Tagged , , , , | 6 Comments

Sourcefire Intrusion Prevention Policy Layers

Let’s talk a little bit about “Policy Layers” and “FireSIGHT Recommendations” in Intrusion Prevention Policy. We mention that in previous blog, and now we will discus these concepts in more details. Our “WP TEST IPS POLICY” looks like this: Here … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | Tagged , , , , , | Leave a comment

Sourcefire Intrusion Prevention Policy

Up to this point we have our SFR passing the traffic and block only telnet to certain hosts. Now we will go a step forward and play around with the “Intrusion Prevention (IPS)” policy. Our topology stays the same, but … Continue reading

Posted in Cisco, FirePOWER, Security, Sourcefire | Tagged , , , , , , | 3 Comments

Sourcefire Access Control Policies – Part Two

From our previous blog, we have our SFR module passing all the traffic. We talked a little bit about Access Control Policies (ACP). Let’s now deep dive into details of these policies. Our topology has not changed from last time. … Continue reading

Posted in ASA, Cisco, FirePOWER, Security, Sourcefire | Tagged , , , , | 3 Comments

Sourcefire Access Control Policies – Part One

Let me stress out one more time that this blog series is all about ASA5500-X with the SFR module. Some things described here may be different for physical appliances. Now we have all installed and set up and we want … Continue reading

Posted in ASA, Cisco, FirePOWER, Firewall, Security, Sourcefire | Tagged , , , , | 7 Comments

Recovering ASA Sourcefire Module Password

By now we have completed several steps with regard to our Sourcefire deployment. We have Defense Center up and running, our modules are installed, set up and connected to Defense Center. We did lots of work in order to make … Continue reading

Posted in ASA, Cisco, Security, Sourcefire | Tagged , , , , | 2 Comments