Intrusion detection and prevention: Intrusion detection and prevention help you detect attempts from an attacker to gain unauthorized access to a network or a host, create performance degradation, or steal information. Whether you configure simple or complex rules, you can control traffic based on security zones, network or geographical locations, ports, applications, requested URLs, and per user. You can also achieve a more complete access control policy with enrichment data based on security threat intelligence. For instance, you can configure a default action to inspect all traffic or to block or trust all traffic without further inspection. Access control policies determine how traffic is permitted or denied in a network. Cisco ASA FirePOWER Services provides the following key capabilities:Īccess control: This policy-based capability allows a network security administrator to define, inspect, and log the traffic that traverses a firewall. In Chapter 1 you also learned that the Cisco ASA family has members in many shapes and sizes, and you learned about their uses in small, medium, and large organizations.Ĭisco introduced the Cisco ASA FirePOWER Services as part of the integration of the SourceFire technology. These technologies and solutions can help you detect, block, and defend against attacks that have already taken place. The Cisco ASA with FirePOWER Services and Cisco’s Advanced Malware Protection (AMP) provide a security solution that helps you discover threats and enforce and harden policies before an attack takes place.
#FIREPOWER CONFIG ASA ASDM FULL#
Organizations must maintain visibility and control across the extended network during the full attack continuum:Īfter an attacker starts to damage systems or steal information You also learned that those security technologies and processes should not focus solely on detection but should also provide the ability to mitigate the impact of an attack. In Chapter 1, “Fundamentals of Cisco Next-Generation Security,” you learned about the different Cisco next-generation security products and technologies. Introduction to Cisco ASA FirePOWER ServicesĬompatibility with other Cisco ASA featuresĬisco ASA FirePOWER packet processing order of operationsĬisco ASA FirePOWER Services and failoverĬisco ASA FirePOWER Services and clusteringĭeployment of the Cisco ASA FirePOWER Services in the Internet edgeĭeployment of the Cisco ASA FirePOWER Services in VPN scenariosĭeployment of the Cisco ASA FirePOWER Services in the data center This chapter covers the following topics: It also provides design guidance and best practices for deploying Cisco ASA with FirePOWER Services. This chapter provides an introduction to the Cisco ASA with FirePOWER Services solution.