Category Archives: FireSight

Firepower Threat Defense Active/Standby Failover

Cisco Firepower high availability is something we should take seriously into consideration when deploying the product. No production deployment should ever have a single device passing the traffic. With Cisco Firepower, we have several deployment options: we could have ASA … Continue reading

Posted in FirePOWER, FireSight, Firewall, ftd, Security, Sourcefire

A little bit about Firepower Network Analysis Policy (NAP)

We have previously talked about Intrusion Prevention Policy, or IPS, and saw how to configure and tweak it. What we did not talk about, and what is closely tied to the IPS policy, is the Network Analysis Policy, or NAP. So, … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire, Uncategorized

Resetting admin password on Cisco Sourcefire module

If we forget the password for the admin user on our SFR module, we will find ourselves in trouble sooner or later. We don’t have to know this password in regular operations, but for troubleshooting purposes, we cannot … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, Security, Sourcefire | 2 Comments

DNS Sinkhole with Sourcefire

There is a nice feature in Cisco Firepower called DNS Intelligence. This feature allows us to have a huge database containing known bad domain names and utilize that database to drop connections to IPs represented by those names. We can … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | 2 Comments

Upgrade Cisco Sourcefire to 6.2.0

OK, first of all, apologies to all of you guys for being away so long; I was very busy. Still am, but I have recently completed an upgrade of the Sourcefire system to version 6.2.0, so I thought to share … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | 11 Comments

Sourcefire Security Intelligence – DNS Policy

On July 2nd last year, we talked about Sourcefire Security Intelligence. Briefly, what it does is make use of a huge collection of known bad IPs and block them before our users access them. In this collection we can find IPs … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | 12 Comments

Sourcefire Correlation Policy – Compliance White Lists

We should keep in mind that Sourcefire is not by any means a SIEM solution. Correlation is the most powerful weapon of SIEMs, but with Sourcefire we also have some capability to correlate different events. The main … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | 7 Comments