Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1321
Views
10
Helpful
5
Replies

Logs for Whitelist Ip In FMC

Go to solution
niravgunjan
Level 1
Level 1

‎03-27-2017 03:46 AM - edited ‎03-10-2019 06:48 AM

Connection events not appearing for whitelisted IP through security intelligence  in FMC

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to niravgunjan

‎03-27-2017 07:48 PM

Secuirty intelligence does work on traffic to or from a given address. However it does always apply to the feed supplied by Cisco.

For more on the feature, please see this section in the Configuration Guide:

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/security_intelligence_blacklisting.html?bookSearch=true#ID-2192-00000005

View solution in original post

5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-27-2017 08:38 AM

Whitelisting addresses under Security Intelligence only has an effect on addresses that would normally be blocked by that feed.

If you want to whitelist any other addresses, you need to do it via a source or destination address called out in a distinct rule in your Access Control Policy.

0 Helpful

Go to solution
niravgunjan
Level 1
Level 1
In response to Marvin Rhoads

‎03-27-2017 08:38 AM

Thankyou Marvin for your response.

Does this feed solely works on Source IP as classified by Cisco ?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to niravgunjan

‎03-27-2017 07:48 PM

Secuirty intelligence does work on traffic to or from a given address. However it does always apply to the feed supplied by Cisco.

For more on the feature, please see this section in the Configuration Guide:

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/security_intelligence_blacklisting.html?bookSearch=true#ID-2192-00000005

Go to solution
niravgunjan
Level 1
Level 1
In response to Marvin Rhoads

‎03-30-2017 04:56 AM

Thankyou Marvin.Could you please help me with below 2 questions: 1)how to check ssl version on FMC? 2)how to login in FMC via cli as local credentials not working?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to niravgunjan

‎03-30-2017 08:10 AM

You're welcome. Please mark your original question as answered if it has been.

To check SSL ciphers, I use the open source tool nmap. There is a script that will enumerate the ciphers and let you all all of the supported ciphers.

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

If the local credentials are not working (and you haven't setup external authentication), you will have to recover/reset the password. There is a Cisco technote that covers the procedure in detail here:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html#anc2

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card