Cisco Firepower Threat Defense Common Practice Guide Walkthrough with Demos - cisco.lookbookhq.com/ngfw_ftd_... Lots of great things here as well. demand.cisco.com/NGFW_Get-started
Comments: 25
@davidwu9015 (5 years ago)
Very helpful and valuable, covering almost all the major aspects of FTD configuration, a good resource for FTD technical guys. Thanks for taking time to make the video.
@jasonmaynard8773 (5 years ago)
Thanks David for the feedback!
@manojupreti6413 (5 years ago)
Simply Awesome - straight to the point
@jasonmaynard8773 (5 years ago)
Thanks!!
@sergeileshchinsky (6 years ago)
Another great vid. Thanks a lot for sharing!
@jasonmaynard8773 (6 years ago)
Thanks sir!
@Owii92 (6 years ago)
Thanks for the time you took to make this video. I couldn't find anything like this on the internet, besides the admin guide and tutorial... without real explanations. Anyway, thanks again :)
@jasonmaynard8773 (6 years ago)
Thanks Owii92 for the comment and glad it helped.
@staskosovskih8594 (6 years ago)
Totally awesome!
@jasonmaynard8773 (6 years ago)
Thanks Stas!
@Crog2 (5 years ago)
Thank you for sharing. Thumbs up
@jasonmaynard8773 (5 years ago)
Thanks Igor!
@PraveenRai (2 years ago)
Very very helpful Jason.. would create one new walkthrough video on snort3
@jasonmaynard8773 (2 years ago)
Thank you and noted!
@HoangPham-ki7rj (5 years ago)
Thank you very much, very helpful guide :)
@jasonmaynard8773 (5 years ago)
Anytime Hoang and thanks for the feedback.
@jasonmaynard8773 (5 years ago)
I saw your message around DNS but you had your email address so I did not publish the comment. That said, I assume you are looking at DNS Sinkholing. If so, check out the following videos:
23. Cisco Firepower Threat Defense: DNS Sinkholing kzfaq.info/get/bejne/esCkqaae1M3JY58.html
24. Cisco Firepower Threat Defense: DNS Sinkholing Packet Capture kzfaq.info/get/bejne/qLh7nM2ktZ_NqXU.html
25. Cisco Firepower Threat Defense: DNS Sinkhole Tweaking for the Analyst kzfaq.info/get/bejne/bbh9nKyisZ-rmZ8.html
Hope this helps
@HoangPham-ki7rj (5 years ago)
@jasonmaynard8773 Thanks for hiding the comment. In my case, after putting the DNS server behind the firewall with default "balance and security", and malware blocking (1st rule), all PCs and even the FW itself cannot use the DNS service anymore. Every other service like ping, RD is still OK. DNS is Win 2008 R2. Checked the log and I saw UDP port 53 was allowed. Have you met this case?
@jasonmaynard8773 (5 years ago)
Hi Hoang, I am assuming that the PCs have to go through the firewall to get to DNS (not on the same network and you have a control point in place). I would go to FTD and leverage packet tracer and do a couple of tests. This should highlight what stage the firewall is blocking (if that is the case). If this does not help I would open a TAC case and get them to have a look. Packet Tracer - kzfaq.info/get/bejne/jcqWlcaBmLHZf2Q.html
@StephenCombs17 (4 years ago)
Question: I saw in the video you placed the objects (DMZ, Inside Hosts) in your HOME NET variable. We do not want to do this, correct? If you have both your DMZ and your INSIDE hosts in HOME NET then you will not inspect from inside to DMZ or vice versa since those are considered protected? My understanding is that you only want your inside hosts or protected hosts in your HOME NET variable; everything else gets inspected.
@jasonmaynard8773 (4 years ago)
Thanks Mark for reaching out - home_net should include all networks you are protecting. It states this in the guide: "the majority of the rules use the variable $HOME_NET to specify the protected network and the variable $EXTERNAL_NET to specify the unprotected (or outside) ". Also, a quick Google of www.google.com/search?q=snort+home_net+variable&rlz=1C1GCEU_enUS872US873&oq=snort+Home&aqs=chrome.0.69i59j69i57j35i39j0l5.5013j0j4&sourceid=chrome&ie=UTF-8 gets you the following as well: "$HOME_NET is a variable that defines the network or networks you are trying to protect, while $EXTERNAL_NET is the external, untrusted networks to which you are connected. These variables are used in virtually all rules to specify criteria for the source and destination of a packet." Hope this clarifies :)
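An added example, not from the video, the guide or either commenter: a simplified model of how the address part of a rule header written as `$EXTERNAL_NET any -> $HOME_NET any` selects flows under different variable definitions, as raised in the exchange above. The networks, hosts and the two `$EXTERNAL_NET` definitions modelled (`any` and `!$HOME_NET`) are assumptions; check the variable set your own intrusion policy actually uses.

```python
import ipaddress

# Constructed sample networks and hosts (assumptions, not taken from the video or guide).
INSIDE = ipaddress.ip_network("10.10.0.0/16")
DMZ = ipaddress.ip_network("172.16.50.0/24")
FLOWS = {
    "internet->dmz": ("203.0.113.7", "172.16.50.10"),
    "inside->dmz": ("10.10.1.20", "172.16.50.10"),
    "inside->internet": ("10.10.1.20", "203.0.113.7"),
}

def in_home(ip, home_net):
    return any(ipaddress.ip_address(ip) in net for net in home_net)

def side_matches(ip, variable, home_net, external_net):
    """Does this address satisfy $HOME_NET or $EXTERNAL_NET?"""
    if variable == "HOME_NET":
        return in_home(ip, home_net)
    if external_net == "any":          # $EXTERNAL_NET defined as any
        return True
    if external_net == "!HOME_NET":    # $EXTERNAL_NET defined as everything else
        return not in_home(ip, home_net)
    raise ValueError(f"unsupported EXTERNAL_NET definition: {external_net}")

def evaluate(home_net, external_net):
    """Address part only of a header '$EXTERNAL_NET any -> $HOME_NET any'.
    Ports, protocol and rule options are ignored in this simplified model."""
    return {
        name: side_matches(src, "EXTERNAL_NET", home_net, external_net)
        and side_matches(dst, "HOME_NET", home_net, external_net)
        for name, (src, dst) in FLOWS.items()
    }

if __name__ == "__main__":
    cases = [
        ("HOME_NET=inside+dmz, EXTERNAL_NET=any", [INSIDE, DMZ], "any"),
        ("HOME_NET=inside+dmz, EXTERNAL_NET=!HOME_NET", [INSIDE, DMZ], "!HOME_NET"),
        ("HOME_NET=inside only, EXTERNAL_NET=!HOME_NET", [INSIDE], "!HOME_NET"),
    ]
    for label, home, ext in cases:
        print(label)
        for flow, hit in evaluate(home, ext).items():
            print(f"  {flow:18} {'candidate' if hit else 'not matched'}")
```

In this model the inside-to-DMZ flow is a candidate for such rules only when `$EXTERNAL_NET` is `any`, and dropping the DMZ from `$HOME_NET` removes it as a protected destination for inbound traffic as well.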
@jtcod5422 (4 years ago)
Where can I find this lookbook? I followed the first link and it gave me a 2 page document that doesn't show the details of this guide Walkthrough. Thanks.
@jasonmaynard8773 (4 years ago)
Try the following: cisco.lookbookhq.com/ngfw_ftd_common-practices