Tag Archives: sourcefire

Resetting admin password on Cisco Sourcefire module

If we forgot a password for the user admin on our SFR module, we will find ourselves in a problem, sooner or later. We don’t have to know this password in a regular operations, but for troubleshooting purposes, we cannot … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, Security, Sourcefire | Tagged , , , , | Leave a comment

DNS Sinkhole with Sourcefire

There is this nice feature with Cisco Firepower called DNS Intelligence. This feature allows us  to have a huge database containing known bad domain names and utilize that database to drop connections to IPs represented by those names. We can … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | Tagged , , , , , , | Leave a comment

Packet capture with Sourcefire CLI

This one will be short 🙂 If we need for some reason to do a packet capture on Cisco Sourcefire/Firepower we can do that from the CLI. Let’s say that we have issues in communication from IP 10.0.0.3 to Google … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | Tagged , , | Leave a comment

Sourcefire Correlation Policy – Compliance White Lists

We should have in mind that the Sourcefire is not by any means a SIEM solution. This correlation thing is most powerful weapon of SIEMs, but with Sourcefire we have the also some capability to correlate different events. The main … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | Tagged , , , , | 7 Comments

Fixing “Error fetching groups” After Upgrade Sourcefire to 6.0

We have just upgraded Sourcefire to 6.0. Did everything go smooth? Well, almost. Some users (me included) are having issues fetching users and groups from Active Directory realm. The error is: Error fetching groups. Please check your directory configuration and … Continue reading

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire | Tagged , , , | Leave a comment

Upgrade Cisco Sourcefire to 6.0

Just a few days after we have upgraded our Sourcefire infrastructure to 5.4, Cisco released the 6.0 version. Before we do an upgrade, first let’s briefly check out what do we get with this major release: SSL Traffic inspection DNS-based … Continue reading

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire | Tagged , , , , , | 19 Comments

Installing Custom Certificate on FireSight Defense Center

We are using Cisco FirePOWER services for quite some time and we are almost gurus. But one thing keeps annoying us every day: a certificate warning when we access web interface of our Defense Center (DC): This happens because the … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | Tagged , , , | Leave a comment