FMCv – Change IP Address

Welcome Back 😉

Think about this for a bit: it's been years since we first configured our Cisco FMCv in our virtual environment, and perhaps it has been running all that time with no problems. (Lucky us!) All of our firewalls connect to it, policies are pushed correctly, IPS rules are updated correctly, we even have URL filtering turned on for some devices, and upgrades work out of the box. It just works; again, lucky us! We have remote backups working but we never needed them…


FMC Syslog with Graylog Extractor

Let’s continue to talk about the Cisco Firepower Management Center. In this post we are going to look at sending connection events over to syslog. In this example I’m using Graylog, which is an open source logging platform, although any syslog server would work. One of the problems with syslog is that there is little uniformity when you have different systems sending these logs. One of the things that Graylog can do is extract the raw message and put each part of the message into a separate searchable field. We’ll configure the FMC to send syslogs and then configure an extractor on Graylog.

Verifying DNS Lists – FMC

We are back with another post about Cisco’s Firepower Management Center, and this time we are working with the DNS lists. If you have a Protect license, you can have your Firepower modules or your FTD (Firepower Threat Defense) devices look at DNS requests and deny them if they are malicious. The lists have to be applied to your access control policy before they take effect, and in this post we are going to verify some of the domain names that are in these lists.