Cisco Next-Generation FW and Cisco Next Generation IPS Flashcards
Difference between FirePOWER and firepower
- FirePOWER refers to the Cisco ASA FirePOWER Services module
- Firepower refers to the Firepower Threat Defense (FTD) unified image and newer software
Unified software that includes Cisco ASA features, legacy FirePOWER Services and new features. It can be deployed on the Cisco Firepower 1000 Series, 2100 Series, 4100 Series and 9000 Series.
Cisco Firepower Threat Defense (FTD)
Cisco Firepower 1000 Series Model (Designed for small business and small offices)
- Cisco Firepower 1010: A desktop firewall with eight 1 Gigabit Ethernet ports; scales up to 650 Mbps of NGFW throughput
- Cisco Firepower 1120: A rack-mount firewall with eight 1 Gigabit Ethernet ports and four SFP ports; scales up to 1.5 Gbps of throughput
- Cisco Firepower 1140: A rack-mount firewall with eight 1 Gigabit Ethernet ports and four SFP ports; scales up to 2.2 Gbps of throughput
Cisco Firepower 2100 Series Four Models
- Used for Internet Edge and Data Centre
- Cisco Firepower 2110: 1 RU, with 12 1 Gbps ports and 4 SFP ports, 2 Gbps NGFW throughput
- Cisco Firepower 2120: 1 RU, with 12 1 Gbps ports and 4 SFP ports, 3 Gbps NGFW throughput
- Cisco Firepower 2130: 1 RU, with 24 1 Gbps ports or 12 1 Gbps and 12 10 Gbps ports, 5 Gbps NGFW throughput
- Cisco Firepower 2140: 1 RU, with 24 1 Gbps ports or 12 1 Gbps and 12 10 Gbps ports, 8.5 Gbps NGFW throughput
Cisco Firepower 4100 Series
- Cisco Firepower 4110: 1 RU, with 1, 10 or 40 Gbps interfaces, 35 Gbps firewall throughput and 11 Gbps threat inspection
- Cisco Firepower 4120: 1 RU, with 1, 10 or 40 Gbps interfaces, 60 Gbps firewall throughput and 19 Gbps threat inspection
- Cisco Firepower 4140: 1 RU, with 1, 10 or 40 Gbps interfaces, 70 Gbps firewall throughput and 27 Gbps threat inspection
- Cisco Firepower 4150: 1 RU, with 1, 10 or 40 Gbps interfaces, 75 Gbps firewall throughput and 39 Gbps threat inspection
- Cisco Firepower 4115: 1 RU, with 1, 10 or 40 Gbps interfaces, 80 Gbps firewall throughput and 26 Gbps threat inspection
- Cisco Firepower 4125: 1 RU, with 1, 10 or 40 Gbps interfaces, 80 Gbps firewall throughput and 35 Gbps threat inspection
- Cisco Firepower 4145: 1 RU, with 1, 10 or 40 Gbps interfaces, 80 Gbps firewall throughput and 45 Gbps threat inspection
Designed for very large enterprises or service providers. Can scale beyond 1.2 Tbps and are designed in a modular way.
Cisco Firepower 9300 Series
Characteristics of Legacy IPS
- They are deployed behind a firewall when providing IPS functionality (inline). Often an IPS is also placed in the network without a firewall in front of it.
- They often look for attempts to exploit a vulnerability, not for the existence of a vulnerability
- They generate large numbers of events
- They focus on individual indicators/events rather than on contextual information when taking action
- Legacy IPS require manual tuning for better efficacy
Legacy IPS shortcomings
- They often need to be operated in conjunction with other products or tools (firewall, analytics and correlation tools)
- Sometimes not very effective and may be ignored
- Operational cost and resource requirements are high
- Can leave infrastructures imperfectly covered against attackers
Next-Generation IPS capabilities
- Application awareness and control: provides visibility into Layer 7 applications and can protect against Layer 7 threats
- Content awareness of the information traversing the infrastructure
- Contextual awareness
- Host and user awareness
- Automated tuning and recommendations
- Impact and vulnerability assessment of the events taking place
Most important capabilities of Cisco NGIPS
- Threat containment and remediation
- Application visibility
- Identity management
- Security automation
- Logging and traceability management
- High availability and stacking
- Network behavioral analysis
- Access control and segmentation
- Real-time contextual awareness
What is needed when adding a device to Cisco Firepower Management Center?
- IP address
- NAT ID and registration key if you don't know the IP address
Used to configure small Cisco FTD deployments
Cisco Firepower Device Manager (FDM)
A solution that allows you to manage your firewalls from the cloud. You can write a policy once and enforce it consistently across multiple Cisco ASA and Cisco FTD devices.
Cisco Defense Orchestrator (CDO)
Cisco FTD devices, Cisco Firepower NGIPS and Cisco ASA FirePOWER modules can be managed by?
Firepower Management Centre (FMC)
A stateful firewall used in Cisco IOS devices. It is the successor of the legacy IOS Firewall, or context-based access control (CBAC), feature.
Cisco IOS Zone-Based Firewall (ZBFW)
Components of SD-WAN configuration, zone deployments
- Source Zone
- Destination Zone
- Firewall Policy
- Zone Pair
Cisco ASA global command that enables communication between hosts on interfaces at the same security level
same-security-traffic permit interface
Cisco ASA interface security levels
- 100: safest (usually the inside interface)
- 0: least safe (usually the outside interface)
- Between 0 and 100: DMZ
Cisco ASA deployment mode
Routed or Transparent
Enable a physical firewall to be partitioned into multiple standalone firewalls. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing tables and administrators.
Security Contexts
In this mode the Cisco ASA acts as a secured bridge that switches traffic from one interface to another
Single-Mode Transparent Firewall (SMTF)
A virtual firewall supports these features that are available in a standalone firewall:
- IPS functionality
- Dynamic routing
- Packet filtering
- Network Address Translation (NAT)
- Site-to-site VPN
- IPv6 and device management