Factory Reset Firepower 4100 & 9300

I got my hands on some Cisco Firepower 4100 units, and after playing around with them I wanted to reset them to factory settings, essentially erasing the “startup-config” on the FXOS. The Firepower units act a little differently than your normal Cisco IOS or ASA, and you can’t just erase startup-config and reload the device; that would be too easy. I was able to find that if you do a password recovery on the unit it erases the configuration, and that’s as close as I got to a factory reset.

Basic Cisco ASA Overview

The Cisco 5500 Series Adaptive Security Appliances are of course excellent firewalls, but the ASA also offers (depending on the model) other security services as well, like IPS, VPN, content security, unified communications and remote access. These ASAs can be used as standalone appliances that can handle needs ranging from branch offices to enterprise data centers. Or they can be included in high-performance blades that work together with the Cisco Catalyst 6500 Series, and more recently they can also run as a virtual instance, which provides tenant isolation for public and private clouds! For now let’s focus on the basics of the ASA, like the ASDM.

Configuring Zone Based Firewalls via SDM

Last month I talked about the fundamentals for understanding zone based firewalls (see the post Understanding Zone Based Firewalls). So for today’s post I want to go ahead and talk about configuring zone based firewalls, but with the Cisco SDM (Security Device Manager). The Cisco SDM is a Web-based device management tool, a GUI for Cisco routers, that can simplify router deployments and reduce ownership costs (see the post Configure Cisco SDM). Instead of talking about what zone based firewalls are, let’s jump into configuring them.

Understanding Zone Based Firewalls

Earlier we talked about using CBAC (see the post Understanding CBAC), the “classic firewall”, and we mentioned some information about zone based firewalls, but not nearly enough. So today we will be talking about zone based firewalls. Why are they different? We will also learn the basics of what zone based means and what its advantages are compared to CBAC.

Cisco IDS vs. IPS

There are tons of network attacks out there. Using a firewall helps but does not look for signature-based attacks. Access Control Lists are like firewalls and only look at protocols like HTTP, FTP, POP, etc. Cisco has developed some tools that will help network administrators combat the issue: IDS (Intrusion Detection System) and IPS (Intrusion Prevention System).