Initial Installation and Configuration on Cisco ASA with FirePOWER Services and FireSIGHT Defense Center (pt. 2)

security-asa-5525-x-firepower-services

Part 1: http://furiousfiber.com/installation-configuration-cisco-asa-firepower-services-firesight-defense-center/

After you configured the network of the Defense Center, browse to it (https://<Defense Center IP>) and login with the same credentials as before.

You will be asked to change the password and configure the network settings such as hostname, DNS, NTP, etc. You can skip the Device Configuration for later.

Go to Health -> Health Policy and enable Advanced Malware Protection, CPU Usage monitor, Disk Usage monitor, etc. Save policy and exit then Apply the policy by clicking the checklist icon.

Then, connect ASA FirePOWER to the Defense Center. SSH to ASA FirePOWER management IP.

> configure manager add <Defense Center IP> <key>
> show managers

You will see the registration status is pending. Go to Defense Center Devices -> Device Management -> Add Device

Fill the hostname and registration key.

After that, you need to redirect traffic to the ASA SFR module.

ASA(config)# access-list ACL_ANY permit ip any any
ASA(config)# class-map SFR
ASA(config-cmap)# match access-list ACL_ANY
ASA(config)# policy-map global_policy
ASA(config-pmap)# class SFR
ASA(config-pmap-c)# sfr fail-open

You can now do some testing by browsing to a website and run show service-policy on the ASA or on the Defense Center go to Analysis -> Connections -> Events

 

Share on FacebookShare on Google+Share on LinkedInPin on PinterestTweet about this on TwitterShare on TumblrShare on RedditPrint this pageEmail this to someone

Leave a Reply