Firepower Threat Defense - Common Practice Guide Walkthrough

Поділитися
Вставка
  • Опубліковано 23 гру 2024

КОМЕНТАРІ • 25

  • @davidwu9015
    @davidwu9015 6 років тому +2

    Very helpful and valuable, covering almost all the major aspects of FTD configuration, a good resources for FTD technical guys. Thanks for taking time to make the video.

  • @manojupreti6413
    @manojupreti6413 6 років тому +1

    Simply Awesome - straight to the point

  • @SnortDefence
    @SnortDefence 2 роки тому

    Very very helpful Jason.. would create one new walkthrough video on snort3

  • @Owii92
    @Owii92 6 років тому

    Thanks for the time you took to make this video. I couldn't find anything like this on internet, beside admin guide and tutorial... without real explanations. anyway, thanks again :)

    • @jasonmaynard8773
      @jasonmaynard8773  6 років тому

      Thanks Owii92 for the comment and glad it helped.

  • @StephenCombs17
    @StephenCombs17 4 роки тому

    question, I saw in the video you placed the the objects (DMZ, Inside Hosts) in your HOME NET variable. We do not want to do this correct? If you have both your DMZ and your INSIDE hosts in HOME NET then you will not inspect from inside to DMZ or vice versa since those are considered protected? My understanding is that you only want your inside hosts or protected hosts in your HOME NET variable everything else gets inspected.

    • @jasonmaynard8773
      @jasonmaynard8773  4 роки тому +1

      Thanks Mark for reaching out - home_net should include all networks you are protecting. It states this in the guide "the majority of the rules use the variable $HOME_NET to specify the protected network and the variable $EXTERNAL_NET to specify the unprotected (or outside) ", also a quick google of www.google.com/search?q=snort+home_net+variable&rlz=1C1GCEU_enUS872US873&oq=snort+Home&aqs=chrome.0.69i59j69i57j35i39j0l5.5013j0j4&sourceid=chrome&ie=UTF-8
      Gets you the following as well "$HOME_NET is a variable that defines the network or networks you are trying to protect, while $EXTERNAL_NET is the external, untrusted networks to which you are connected. These variables are used in virtually all rules to specify criteria for the source and destination of a packet."
      Hope this clarifies :)

  • @jtcod5422
    @jtcod5422 4 роки тому

    Where can I find this lookbook? I followed first link and it gave me a 2 page document that doesn't show the details of this guide Walkthrough. Thanks.

    • @jasonmaynard8773
      @jasonmaynard8773  4 роки тому

      Try the following: cisco.lookbookhq.com/ngfw_ftd_common-practices

  • @sergeileshchinsky
    @sergeileshchinsky 6 років тому

    Another great vid. Thanks a lot for sharing!

  • @staskosovskih8594
    @staskosovskih8594 6 років тому

    Totally awesome!

  • @Crog2
    @Crog2 5 років тому

    Thank You for sharing. Thumb up

  • @HoangPham-ki7rj
    @HoangPham-ki7rj 6 років тому

    Thank you very much, very helpful guide :)

    • @jasonmaynard8773
      @jasonmaynard8773  6 років тому

      Anytime Hoang and thanks for the feedback.

    • @jasonmaynard8773
      @jasonmaynard8773  6 років тому

      I seen you message around DNS but you had your email address so I did not publish the comment.
      That said I assume you are looking at DNS Sinkholing. If so check out the following videos
      23. Cisco Firepower Threat Defense: DNS Sinkholing
      ua-cam.com/video/DZtvCmoge3k/v-deo.html
      24. Cisco Firepower Threat Defense: DNS Sinkholing Packet Capture
      ua-cam.com/video/rRKijsP9iyA/v-deo.html
      25. Cisco Firepower Threat Defense: DNS Sinkhole Tweaking for the Analyst
      ua-cam.com/video/7RMiIqL9Gik/v-deo.html
      Hope this helps

    • @HoangPham-ki7rj
      @HoangPham-ki7rj 6 років тому

      @@jasonmaynard8773 Thanks for hidding the comment, in my case, after putting DNS server behind the firewall with default "balance and security", and malware blocking (1st rule), all pcs and even FW itself cannot use DNS service anymore, every others service like ping, RD are still OK, DNS is win 2008 R2. Checked log and i saw UDP port 53 were allow. Have you met this case?

    • @jasonmaynard8773
      @jasonmaynard8773  6 років тому

      Hi Hoang, I am assuming that the PCs have to go through the firewall to get to DNS (not on the same network and you have a control point in place). I would go to FTD and leverage packet tracer and do a couple of tests. This should highlight what stage the firewall is blocking (if that is the case). If this does not help I would open a TAC case and get them to have a look.
      Packet Tracer - ua-cam.com/video/WdfbcP3KuO0/v-deo.html

  • @stanhuang8091
    @stanhuang8091 6 років тому

    very useful