In this post, I’m going to be posting my deep-dive notes on ISE device profiling as well as what each probe does and what type of information to expect from the attributes.
In this video, we're going to talk about Trustsec design, brownfield considerations, and how to scale Trustsec.
In this video, we’ll be going over the configuration of Security Group ACLs and the Trustsec matrix. After we configure it, I’ll show you how it’s pushed down to the network access devices and enforced.
In this video, we’re going to walk through the configuration of SGT Exchange Protocol (SXP). We’ll first configure it between two switches that are separated by a non-Trustsec-capable device and then we’ll configure it between the switches and ISE.
In this video, we’re going to configure our Trustsec domain between three switches and enforce Network Device Admission Control (NDAC).
In this video, we’re going to dig into Trustsec a little bit further by discussing some of the different ways IP-to-SGT bindings are done, how to configure various static bindings, how the network access device prioritizes different SGT binding types and why SXP is so important.
This is going to be the start of a small series on Trustsec. We’re going to go over some of the common terminology and components of Trustsec and give an overview of why we would use SGTs.
In this video, we're going to walk through the FTD Advanced Troubleshooting menu. If you've worked with ASA or ASDM in the past, some of the tools on this screen will be familiar to you.
In this video, we’re going to walk through the configuration of FQDN ACLs on Firepower 6.3. This was a feature that was just added in this latest release. The goal of this configuration is to block a source or destination based on FQDN. In this case, I’m blocking a single host from accessing another host (my proxy) based on its FQDN.
In this video, we’ll be exploring FTD device copy, backup and restore. Device copy is used to easily copy configurations and policies from a pre-configured device to a completely different device, while backup and restore copies the configurations, logs, events, etc. and restores them to the same device.
In this video, we're going to configure and test an external lookup in Firepower 6.3. In this example, I'm using Splunk but there are a vast number of choices on what you can configure as an external lookup with Firepower.
In this video, we're going to configure RADIUS external authentication for the FMC, shell access, and FTD.
In this video, we’ll be configuring ThreatCentric NAC with Qualys on ISE. We’re going to configure automated vulnerability scans and automate network access based on the score of vulnerabilities found on the endpoint.
In this video, we’re going to configure pxGrid on Splunk. Once that’s completed, you’ll be able to quarantine endpoints from Splunk using ISE. This requires a bit more setup than your usual pxGrid configuration so I’ll include the commands I used in this post so one may copy and paste for the Linux portion of this. Whether or not you’re using CA-signed certs for pxGrid or self-signed in your ISE environment, this configuration should work for both.
In this video, we’re going to set up the Cisco Security Suite app within Splunk and walk through some of the cool things that we can do from the dashboard. One thing to note though is that this app was last updated in 2016 so there’s definitely some massaging that needs to be done to make it compatible with certain current add-ons.
In this video, we’re going to configure our FTD device to send syslog data to Splunk. The reason this is important is that the Lina-level syslog will give us information about NAT sessions, stateful information, VPN, etc. This data can be used in multiple dashboards and apps in Splunk.
In this video, we’ll be configuring our switches, routers, wireless controllers, and access points to send data to Splunk for use in the Cisco Networks App.
In this video, we’ll be configuring the Cisco eStreamer eNcore app that allows Splunk to ingest data from Cisco Firepower Management Center. My previous blog post on this subject was based on the previous app. This video should be followed instead of the previous blog post since the new app makes it much easier.
In this video, we’ll be configuring the ISE app in Splunk. We’ll configure ISE to send syslog data to Splunk and configure the data input in Splunk. After that has completed, we will verify that the data is populating in the Splunk ISE app dashboard.
In this short video, we’re going to go over how to get apps from the Splunk site and install them in Splunk.