And I’ve got to say It was pretty straight foward. I had the following Access Policy defined on the FMC:<\/p>\n\n\n\n …with these rules…<\/p>\n\n\n\n The FMC\/FTD has the concept of a ‘Trust’ action which means the traffic isn’t inspected and the first rule is trusting DNS and NTP (please note – this is not intended as best practice guide – you may not want to trust anything – this is just a guy messing around in a lab) but the next rule is where the action is happening.<\/p>\n\n\n\n So drilling down into the relevant parts of the other rule…<\/p>\n\n\n\n <\/p>\n\n\n\n …and where the magic happens…<\/p>\n\n\n\n I have kept things simple in this rule by not using any other available features such as decyrption or an IPS policy. <\/p>\n\n\n\n So from my DMZ host trying to login to the ssh server through the FTD I’m not getting any joy…<\/p>\n\n\n\n … and checking in the FMC’s logs…(Analysis\/Connection Events):<\/p>\n\n\n\n so full marks. Out of interest I went back to the above rule and changed the application part as follows:<\/p>\n\n\n\n <\/p>\n\n\n\n and then re-tested and I was able to login straight away<\/p>\n\n\n\n And we can see this connection allowed in the logs together with the previously blocked traffic:<\/p>\n\n\n\n <\/p>\n\n\n\n The protocol is no longer recognised – presumably because we are no longer doing application inspection.<\/p>\n\n\n\n On first blush, I’ve found a few things about Firepower a bit clunky compared to other NGFWs but in terms of ease use defining rules to allow\/disallow applications I’d think it’s second only to the Palo’s which gives us a current league table (assembled from previous labs) of:<\/p>\n\n\n\n 1\/ Palo Alto 2\/ Cisco Firepower 3\/ Fortigate 4\/ Checkpoint 5\/ Cisco ASA <\/p>\n","protected":false},"excerpt":{"rendered":" At my new place of work I have encountered Cisco’s NGFW offering: Firepower. The firewall policies are administered on an FMC (Firewall Management Center) and pushed or deployed to enforcement modules called FTDs (Firepower Threat Defense) . Instead of FTD’s you can do this on ASAs with an SFR module but I digress . Posts […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-936","post","type-post","status-publish","format-standard","hentry","category-firewalls"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"http:\/\/18.135.13.153\/index.php?rest_route=\/wp\/v2\/posts\/936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/18.135.13.153\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/18.135.13.153\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/18.135.13.153\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/18.135.13.153\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=936"}],"version-history":[{"count":0,"href":"http:\/\/18.135.13.153\/index.php?rest_route=\/wp\/v2\/posts\/936\/revisions"}],"wp:attachment":[{"href":"http:\/\/18.135.13.153\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/18.135.13.153\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=936"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/18.135.13.153\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-1024x83.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-1-1024x110.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-2-1024x276.png\")
![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-3-1024x140.png\")
![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-4-1024x204.png\")
![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-5-1024x148.png\")
![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-6.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-8-1024x88.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-9-1024x151.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-10.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2022\/04\/image-11-1024x81.png\")
<\/figure>\n\n\n\n