In this video, I'll go over the switch configuration of my switch in the lab and make sure that ISE is getting information from the switch.
In this video, I'll be setting up the ASAv, CSR and Firepower in my lab so the rest of the devices in my lab can connect to the internet.
In this video I'm going to go through the initial configuration of some features in ISE I like before I start configuring policies and integrations between other products.
In this video, I'm configuring the Active Directory server, DNS, the certificate authority, my group policy, certificate templates, and DHCP
I'm starting to rebuild one of my labs and wanted to record the experience. This is just an overview of what I'll be configuring in later videos.
I wanted to write up a review of my experience with Micronics Learning Z2H Security class. A lot of folks have asked me both on Twitter and on forums about it. I was lucky enough to attend the first class they had late in 2015 and it was honestly one of the best uses of my money for training that I've ever spent. If you're looking for CCIE Security v5 training or just Cisco security training in general, this is probably the best class on the market to get it. Since they are a Cisco Learning Partner, they do accept Cisco Learning Credits definitely can help if you have an employer that will only purchase training with learning credits.
In this post, I'm going to go through Rapid Threat Containment utilizing both ISE and Firepower. The pre-requirements in order to do this is to have configured pxGrid between ISE and the Firepower Management Center (FMC) prior. If you would like to know how to do so, I went over how to do it with self-signed certificates in this post here or CA-signed certificates in this post here.
I'm going to go over integration ISE 2.1 and Stealthwatch via pxGrid with self-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate but this isn't always the ideal situation for everyone. For those without a PKI infrastructure or for lab environments, it's pretty easy to set up pxGrid integration without an external PKI infrastructure.
I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using self-signed certificates. We went through the configuration of Firepower with CA-signed certificates in a previous post and you'll see that the configuration is very similar to that in this post.
In this blog post I'm going to go through the setup of a virtual Web Security Appliance from scratch and a couple of different options you can take. This is a basic setup for the purposes of labbing later with TrustSec and pxGrid. This is what I set up prior to my pxGrid configuration post.
This blog post is going to be a quick one. I'm going to share the configuration of NetFlow so I can export to my StealthWatch system. In previous posts, I mentioned that I'm using a Cisco Catalyst 3650 and ASA 5506 in my lab so I'll go over what I configured on them.
In a previous blog post, I configured pxGrid integration with StealthWatch and ISE using a CA-Signed certificate. In this blog post, I'm going to go through the configuration using self-signed certificates to enable StealthWatch to mitigate threats on the network using ISE.
If you are using AMP for Endpoints in your lab or implementation, I would highly recommend adding the cloud connection to your Firepower Management Center. The reason you would do this is that it allows you to import threat identifications, indications of compromise (IOC), and other malware-related information that the AMP cloud gathers from the endpoints.
In this post, I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using CA-signed certificates. In future posts, I'm planning on going through the configuration for both Firepower 5.4 and 6.0 using both self-signed and CA-signed certificates. The reason I plan on doing that is because they are slightly different and it's important to know this.
In this post, I'm going to do a basic setup of my ASA with Firepower. I'm not going to dig too deep into individual policies since those should be dedicated to their own blog post. Instead, I'm going to go through the basic setup of the ASA and the Firepower Management Center (FMC).
In this blog post, I'll go over the configuration of the ASA for TrustSec. This is for the native ASA code - not Firepower. I'll be going over Firepower separately in later blog posts. I'll be going over the configuration of TrustSec, SXP, and writing SGACLs for the ASA in this post. I'll be mostly utilizing the ASDM to make things a little easier and simpler to follow along with.
I have an ASA 5506 running in my lab and I wanted to establish the basic configuration for it first before I jump into the TrustSec configuration. This post isn't much of a deep dive but more informational in the even someone is building a lab similar to mine.
In this blog post, I'll go through the configuration for TrustSec and SXP for both my Catalyst 3650 switch and wireless controller. I'll walk through the configuration, create the SXP connection, and verify. After that, I'll test out a policy by connecting a client to the switch, watching the tag be applied on ingress and the policy applied.
In this blog post, I'm going to actually configure the Nexus 1000v for TrustSec. I'm going to walk through configuring the SXP connection, downloading the environmental data, and then assigning SGTs to devices.
In this blog post, we're going to go over the configuration of TrustSec in ISE 2.1. This configuration also applies to ISE 2.0 as well for the most part. While TrustSec is not a required configuration for a secure ISE deployment, it definitely has some great advantages. It's a security architecture utilizing security group tags (SGTs) that allows that network to enforce access control policy, reduce ACL complexity, and can be utilized for policy in other security devices which I will go into further in later blog posts when I go over pxGrid on different systems.