NMP + Firesight

Hello world

I was wondering if there is a way to integrate the Cisco Firesight device in the Smart Net Total Care Portal.

Thanks in advance for any answer about it.

Can you explain what you mean by "mainstream"? If you mean having the collector and Portal discover/recognise Firesight devices, the answer is that these products are not currently in the list of supported devices.

Tags: Cisco Services

Similar Questions

  • Firepower vs NGIPS vs FireSight vs Firepower Management Center

    I am struggling to understand the distinction between these terms. Is anyone able to help me understand what are the components?

    Firepower is the term that Cisco uses for most of the acquired Sourcefire products.

    FMC

    Firepower Management Center, aka Firesight Management Center, aka Defense Center Management Center.
    Firepower Management Center was re-branded twice; it's all the same.

    Centralized management for Firepower devices (NGIPS, ASA Firepower module, FTD)

    NGIPS

    Dedicated IPS appliance / IPS component of the Firepower solution (also used on the ASA Firepower module and FTD)

    ASA with Firepower Services

    ASA with a software/hardware module that runs the Firepower services. (It is two different images running on the same box. Traffic is redirected to the Firepower module for Layer 7 inspection.)

    FTD

    Firepower Threat Defense is the new unified image combining ASA software and Firepower into a single image. (Not full feature parity with ASA yet.)

    If you need more let me know.

  • FireSight/User Agent Error: [2201] - login information from IP to IP report failed after TIME [a call to SSPI failed, see inner exception.]

    We have a FireSight system with a version 5.4.0.5 Virtual Data Center and several ASA devices. We have set up some User Agents to collect user logon and logoff information from MS AD servers and met 2 problems:

    (1) All User Agent servers (Windows Server 2008R2/64/SP1 and Windows Server 2012R2) report error 2201. They can pull the AD server logon information correctly and export the correct user card, can communicate with the virtual data center, but just cannot send data to it. Meanwhile, a User Agent on a Windows 2008 STD/SP2 server works perfectly. We have tried 3 other servers, 2 versions of the User Agent, the en-us locale and 2 versions of .NET. Nothing has changed.

    (2) We prefer to have only 1 User Agent, but 1 User Agent supports 5 DC servers max. We set up a central AD server to successfully collect the security logs of all AD servers into its 'Reported events' event log file and set the User Agent to extract data from this central AD server. The User Agent pulls the logon events, but only from the "Windows Logs - Security" folder, never from "reported events." Is the User Agent designed to read only from "Windows Logs - Security"?

    [2201] - report of the login information of the USER-AGENT-SERVER to 10.xx.xx.xx failed after the 14/07/2016 09:08:55. [A call to the SSPI failed, see inner exception.].

    This problem is known.

    Please uninstall the Microsoft updates KB3161606 and KB3161608.

    After inspection, the issue seems to be a specific change to the default Cipher Suites:

    https://support.Microsoft.com/en-us/KB/3161639

    There is a bug created for this.

    https://BST.cloudapps.Cisco.com/bugsearch/bug/CSCva32331

    Rate if it helps.

    Yogesh

  • Firesight 750 data sheet

    Where can I get the data sheet (power consumption) for the Cisco Firesight 750 device? I can't find it on the Cisco site.

    Hello

    Here are the details of FS750 power supply:

    http://www.Cisco.com/c/en/us/TD/docs/security/firesight/541/install-GUID...

    Thank you

    Guillaume

  • AnyConnect FireSight through ISE user

    Hello!

    We installed ISE 2.1 for the AAA process for VPN users on an ASA5545x. AnyConnect users authenticate successfully and you can see the username in the log at ISE. We also have Firepower modules in the ASA and the FireSight 6.1 virtual appliance. How can we use ISE as an identity source for FireSight?

    Inspect traffic on Firepower based on groups of users, or a user.

    Thanks for the help.

    Hello Serge, you can certainly do that by integrating both via PxGrid.

    Thank you for rating useful posts!

  • FireSight Defense Center time

    The time on my Firesight is ahead of the local time; I don't know whether it will become accurate if I disable the time advance.

    I don't know how to configure daylight saving time.

    Your help is appreciated for this problem.

    Thank you

    Hello Maher,

    This may be due to the NTP configuration you have. As far as I know there is no option to turn it off. You can disable the NTP you have configured and use the global NTP that Sourcefire makes available. Let me know if you need this info.

    In the user interface, use your local time itself. In the CLI, it indicates an error in the scheduled tasks or statement?

    Regards

    Jetsy

  • Blocking of hosts using Firesight and Firepower

    I was curious if there is a section in Firesight where it could be programmed to block hosts, like the host blocks section in Cisco IPS? A bit like the list of hosts blocked for triggering the signatures. I am trying to translate this into the new product.

    Also, what about the event action filters? Might one possibility be a Trust rule in the right access control policy?

    Hello

    The access control policy has a Security Intelligence tab that allows you to block connections to/from any IP address you put into the blacklist. You could also simply log instead of block by enabling logging and changing the action from drop to monitor.

    Security Intelligence is configurable per access control policy.

    Under Object Management, in the section, you can also import a .txt file containing IP addresses, or create a feed to a server where the .txt file is hosted.

    A Trust rule action implies that you will perform inspection of traffic that matches your rule conditions.

    Hope this helps

    Paul

  • Creating Firesight IPS policies

    I need help creating an ASA Firesight IPS rule.

    By default, there is a 'network discovery' under access control. It works fine, I see connection events.

    Now, I want to do full-fledged IPS. How do I do that?

    On Firesight, under IPS -> Policy, I create a new policy; what has to be defined here, rules and categories?

    Please see the presentation of Cisco Live session BRKSEC-2018 from Cisco Live US earlier this year. It is a free download from ciscolive365.com.

    It does a great job of specifying which policies are necessary for an effective Firepower deployment and how to create them.

  • ACL LocalFW Vs pushed Firesight ACL

    Hi guys

    If we have a policy pushed from Firesight to the ASA and it has a local policy on the interface, which would override?

    Also, is there a way we could check on the ASA what policy it received from Firesight?

    How are you pushing a policy from Firesight to the ASA?

    Do you mean that you have a policy pushed to the Firepower service module of the ASA?

    In this case, these are quite different things. The ASA evaluates the interface ACL entries when the packet is presented to the interface. The service module evaluates the flow against its policies when it receives the packet from the parent ASA under the policy-map.

    It is not one or the other; it is both, and the net result is their cumulative policy applied in series (as a Boolean logical 'AND').

    See this link for a picture:

    https://CCIE-or-null.NET/2014/12/10/packet-flow-with-firepower/

  • FireSight 6 throttling (traffic shaping)

    Dear,

    I need to know if Firesight 6 has features to limit the bandwidth for a specific user when they access the internet.

    ARO

    femba

    Hello Mohamed,

    This will be included in future releases, but as of now we do not know the exact version in which it may be added.

    Rate and mark correct if the post helps you.

    Regards

    Jetsy

  • Cisco Firesight "No any Data"

    Dear experts,

    I'm quite new to Cisco Firepower. I have 2 Cisco ASA5555 with Firepower, deployed as active/standby. We have three zones: inside, outside and management. The Firesight server sits in the management zone. I registered all the Cisco Firepower modules with the Firesight management center, and I already redirect traffic for inspection by the Firepower module on the Cisco ASA. I applied the default IPS rule to the registered devices. I left it for 2 days; after that, when I looked at Cisco FireSight, there was no information at all. It showed 'No Data'. I wonder whether I may have missed some configuration. I tried to re-register the devices but it is still the same. Please see the diagram below for more details.

    I would like to have support for this issue. If you have any questions please let me know.

    - Inside interface: ip add 192.168.100.x/24

    - Outside interface: ip add x.x.x.x/24

    - Management interface: ip 10.100.100.x/24

    - FireSight server: ip add 10.100.100.x/24

    Hello putmanoait,

    Since this is a new installation, try installing the latest code to use all the new features with the device. After a correct installation, and having all the required licenses, including the Firesight host license, you must ensure that the traffic is correctly redirected to cross the Firepower. If traffic is redirected to Firepower, you can see it by activating logging under Policies > Access Control > rules > Logging > logging at the beginning of the connection or logging at the end of the connection. Once you have enabled logging, save and reapply or redeploy the policy changes. Each device has its own database connection parameters. You can check out the following link and see how many events can be stored in the device.

    http://www.Cisco.com/c/en/us/TD/docs/security/firesight/541/user-guide/F...

    If you can see the respective connection events under Analysis > Connection Events, the dashboard data should also populate. If you have already activated the above and still no events are coming, please proceed as follows by connecting to the Firesight CLI and elevating to the root user.

    (1) check that the following service is running

    pmtool status | grep SFTop10Cacher

    (2) restart the service

    pmtool restartbyid SFTop10Cacher

    (3) you should see the service as running with a different pid

    pmtool status | grep SFTop10Cacher

    Check the dashboard after 30 minutes.

    Rate and mark correct if the post helps you.

    Regards

    Jetsy

  • FireSIGHT suppression

    When you add a suppression to a rule, does it just remove the event display or does it override the action too?

    You can suppress intrusion event notification for a rule or rules. When notification is suppressed for a rule, the rule triggers but events are not generated. You can define one or more suppressions for a rule. The first listed suppression has the highest priority. Note that when two suppressions conflict, the action of the first is carried out.

    FireSIGHT System User Guide Version 5.4.1

    If I add a suppression to a rule that is set to block, will it still block, just not alert?

    I have a false positive that I want to suppress for a specific host, but I do not want to disable the entire rule. If the false positive triggers, I don't want traffic to be dropped AND I don't want to be alerted.

    The concept of suppression has had its interpretations over time. The block will continue, but no alert will be generated; in fact, no notifications at all. If your intention is to completely exclude an IP or a group of IPs or a segment, then you must modify the signature (which will create a local signature), and under the local signature, you can make any changes that you need to source or destination, even to the ports and other settings. However, you will need to activate this signature and disable the other. And don't forget that updates to the original signature will not appear in the modified signature.

  • Firepower policies local to the ASA after adding it to the FireSIGHT Management Center

    Are the local settings and policies of an ASA with Firepower overwritten or replaced when the device is added to be managed by the FireSIGHT Management Center? I have an ASA that works stand-alone with FP and now need to add FireSIGHT Defense Center/Management Center without losing existing policies.

    Thank you.

    Simply adding it successfully will not overwrite the local policies of the given ASA Firepower module.

    However, as soon as you deploy any policy (access control, intrusion, file, health etc.) from FireSIGHT Management Center, it will overwrite the one on the ASA.

    You can export the local one by using ASDM and then import it into FireSIGHT for re-deployment as a centrally managed policy.

  • FireSight DC change

    Feature: FireSight management running version 6.0.1

    If another user connects to the management GUI and makes a change such as disabling an interface, or Firepower recommendations or policy, but doesn't push the policy or has not fully applied the changes, is there a place where I can log in and see what changes have been made and have yet to be pushed or applied?

    It seems that we can see it in different places if you know where to look, but there is no status notification in one place.

    Hello

    You can go to System -> Monitor -> Audit and check if you see the audit logs. It will not be detailed, but will let you know the pages navigated to by the user and the subsystem called.

    If you want to track whether the device is up to date, click Deploy. If there are any devices that must be deployed, they will be listed there. You will see a "+" icon to see the details of what is not pushed to the device.

    Guillaume

  • [Issue] Sourcefire/Firesight Syslog to include the inline result

    Hi guys,

    I have set up a syslog alert on the Firesight Virtual Defense Center, but I can't get the inline result for events.

    Here is an example of a raw event that I received

    April 14 01:09:20 XXX XXXX: [primary detection engine (a9d9147e-dd96-11e2-a935-a6cb913df812)] [XXXX] [1:34463:2] 'Attempt to outgoing connection of the TeamViewer APP-DETECT remote administration tool' [Classification: potential Violation of company policy] user: unknown, Application: TeamViewer, Client: Internet Explorer, Protocol App: HTTPInterface infiltration: s1p2, output interface: s1p1, entry Security Zone: external, out of Security Zone: internal, [priority: 1] {TCP} x.x.x.x:51355 -> x.x.x.x:80

    Here we can see the Snort ID, source, destination and port, but not the inline result (whether it is dropped or not).

    Is there any way to change this and include the inline result in syslog?

    Thank you

    Hello

    Yes, you are right; changing severity and priority will not make a difference.

    Check: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux57517/?reffering_site...

    Apparently in 5.4 and 6.0, according to the user guide, only the following fields will be seen in syslog:

    - date and time of the alert generation

    - event message

    - event data

    - generator ID of the triggering event

    - Snort ID of the triggering event

    - revision

    Kind regards

    Aastha Bhardwaj

    Rate if this is useful!
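
    For correlating these alerts on a log collector, the fields the thread lists can be extracted as below. This is an added example, not part of the original posts: the function name and the sample line are constructed (modelled on the event quoted above, with documentation-range addresses and a placeholder host and tag).

```python
import re

# Constructed sample modelled on the event quoted in the thread.
SAMPLE = (
    "Apr 14 01:09:20 sensor01 alert: [1:34463:2] "
    '"APP-DETECT TeamViewer outbound connection attempt" '
    "[Classification: Potential Corporate Policy Violation] "
    "[Priority: 1] {TCP} 192.0.2.10:51355 -> 198.51.100.20:80"
)

RULE_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]")            # [gid:sid:rev]
MSG_RE = re.compile(r"\]\s+[\"'](.*?)[\"']\s+\[")         # quoted rule message
CLASS_RE = re.compile(r"\[classification:\s*([^\]]+)\]", re.I)
PRIO_RE = re.compile(r"\[priority:\s*(\d+)\]", re.I)
# {PROTO} src[:port] -> dst[:port]; ports are absent for e.g. ICMP (IPv4 only)
FLOW_RE = re.compile(
    r"\{(\w+)\}\s+(\S+?)(?::(\d+))?\s+->\s+(\S+?)(?::(\d+))?\s*$"
)


def _port(value):
    return int(value) if value is not None else None


def parse_intrusion_alert(line):
    """Return rule and flow fields of one alert line, or None if it is not one."""
    line = line.strip()
    rule, flow = RULE_RE.search(line), FLOW_RE.search(line)
    if not rule or not flow:
        return None
    msg, cls, prio = MSG_RE.search(line), CLASS_RE.search(line), PRIO_RE.search(line)
    proto, src, sport, dst, dport = flow.groups()
    return {
        "gid": int(rule.group(1)),
        "sid": int(rule.group(2)),
        "rev": int(rule.group(3)),
        "message": msg.group(1) if msg else None,
        "classification": cls.group(1).strip() if cls else None,
        "priority": int(prio.group(1)) if prio else None,
        "protocol": proto.upper(),
        "src_ip": src, "src_port": _port(sport),
        "dst_ip": dst, "dst_port": _port(dport),
    }


if __name__ == "__main__":
    for key, value in parse_intrusion_alert(SAMPLE).items():
        print(f"{key:15} {value}")
```

    None of the parsed fields says whether the packet was dropped, which is the gap the thread discusses; the rule ID and the flow endpoints are what remain available for joining against another event source.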
