Connecting Firepower to the AMP Cloud

If you are using AMP for Endpoints in your lab or implementation, I would highly recommend adding the cloud connection to your Firepower Management Center. The reason you would do this is that it allows you to import threat identifications, indications of compromise (IOC), and other malware-related information that the AMP cloud gathers from the endpoints. 

Firepower 6.0 pxGrid Integration with ISE - CA-Signed Certificate

In this post, I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using CA-signed certificates. In future posts, I'm planning on going through the configuration for both Firepower 5.4 and 6.0 using both self-signed and CA-signed certificates. The reason I plan on doing that is because they are slightly different and it's important to know this. 

ASA TrustSec Configuration

In this blog post, I'll go over the configuration of the ASA for TrustSec. This is for the native ASA code - not Firepower. I'll be going over Firepower separately in later blog posts.  I'll be going over the configuration of TrustSec, SXP, and writing SGACLs for the ASA in this post. I'll be mostly utilizing the ASDM to make things a little easier and simpler to follow along with.

ISE 2.1 - Switch and Wireless Controller TrustSec Configuration

In this blog post, I'll go through the configuration for TrustSec and SXP for both my Catalyst 3650 switch and wireless controller. I'll walk through the configuration, create the SXP connection, and verify. After that, I'll test out a policy by connecting a client to the switch, watching the tag be applied on ingress and the policy applied.

ISE 2.1 - TrustSec Overview and ISE Configuration

In this blog post, we're going to go over the configuration of TrustSec in ISE 2.1. This configuration also applies to ISE 2.0 as well for the most part. While TrustSec is not a required configuration for a secure ISE deployment, it definitely has some great advantages. It's a security architecture utilizing security group tags (SGTs) that allows that network to enforce access control policy, reduce ACL complexity, and can be utilized for policy in other security devices which I will go into further in later blog posts when I go over pxGrid on different systems. 

ISE 2.1 and WSA pxGrid Integration with CA-Signed Certificates

This blog post is going to be going over integration ISE 2.1 and WSA via pxGrid with CA-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate.

ISE 2.1 - Configuration of AMP & ISE Integration

This post is going to go over the integration of ISE 2.1 and AMP for Endpoints. ISE 2.1 introduces the concept of a "Threat Centric NAC" which allows you to configure vulnerabiltiy and threat adapters to send high fidelity Indicators of Compromise (IoC), Threat Detected events, and CVSS scores to ISE so that threat-centric access policies can be created to change the privilege of the endpoint accordingly. 

StealthWatch and ISE Integration with CA-Signed Certificate

In this blog post, I'll go over StealthWatch and ISE integration with pxGrid. With this integration, ISE will share contextual information such as username and device information with StealthWatch and it adds the ability to do rapid threat containment to quarantine misbehaving endpoints. I'm going to use a CA-signed certificate in this post and later I'll add a post with self-signed certificates. 

StealthWatch ProxyWatch with WSA

In this blog post, I'm going to go over ProxyWatch with StealthWatch. Many enterprises utilize proxies to protect their networks. They provide protection at the cost of visibility to other security solutions. ProxyWatch is a licensed feature that allows StealthWatch to see the translated address and associate it with the other side of the proxy conversation which provides more accurate troubleshooting and forensics. It's a bit like NAT stitching for proxies.