Security Intelligence (SI) is used to block connections based on reputation on firepower systems. It can be used to block traffic based on IP, DNS and URL and is useful as a first line of defense to blacklist undesirable connections from/to public ip addresses.
After some delays version 6.2.0 has been released for Cisco Firepower Systems. The version brings some long awaited and desperately needed features I have been waiting for quite some time. Lets jump right into what is new, what has changed and why FlexConfig should die a fast and swift death again.
Have you ever been in a situation where you wanted to troubleshoot a certain firepower process? Tried to kill a process, to re-start it with some debug flags but it was already re-started automatically by process manager? Well pmtool is here to help. Using pmtool you can disable services, restart processes and check dependencies between components on firepower systems.
Since I had to use the root shell various times for troubleshooting on firepower systems, I decided to document some of the various binaries and logfiles that are available on FMC and firepower sensors.
URL Filtering is a useful feature to block malicious domains or block unwanted web traffic. It is a feature that is easy to configure but has some hidden caveats. In this post we will look at some limitations and ways to troubleshooting url filtering related issues on firepower systems.
Troubleshooting user identity issues on firepower systems can be quite daunting at times if you do not know where exactly you should look for issues. After encountering many different problems I thought it might be a good idea write down what I have learned from various troubleshooting sessions since unfortunately the amount of available documentation is quite lacking.