Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5879
Views
15
Helpful
5
Replies

Official Hardening Guide for Firepower 4100 Series

seekianherng
Level 1
Level 1

‎03-13-2017 11:11 PM - edited ‎03-10-2019 06:47 AM

hi,

Anyone know if there's a official hardening guide for Cisco Firepower 4100 series platform ?

I only manage to find guide for ASA Firewall

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200150-Cisco-Guide-to-Harden-Cisco-ASA-Firewall.html

Thank you.

3 people had this problem
Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2017 06:50 AM

There isn't one that I know of. However note if you are running the ASA image you can follow that. FTD is too new to have one out.

Note there are some features introduced in FX-OS 2.1(1) that are specific to hardening. Among them are:

You can now use the FXOS Chassis Manager to enable FIPs/Common Criteria mode to support achieving compliance with FIPS (Federal Information Processing Standard) 140-2 and Common Criteria security certifications.

FXOS 2.1(1) contains several new features and numerous enhancements to support achieving compliance with the UC-APL (Unified Capabilities Approved Product List) security certification:

Enable/Disable FIPS/CC Mode using Firepower Chassis Manager

Configuring Management ACL (ip-block) via Firepower Chassis Manager

Configuring SSH Server – MAC Authentication via Firepower Chassis Manager

Configuring SSH Server – Encryption Algorithms via Firepower Chassis Manager

Login Notifications

Periodic update of CRL list

Client Cert authentication

You can now enable NTP server authentication.

Source: http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos211/release/notes/fxos211_rn.html#pgfId-148118

toddlammle
Level 1
Level 1

‎01-04-2018 12:40 PM - edited ‎01-04-2018 12:42 PM

I wrote something in my blog about the ICMP issues (https://www.lammle.com/about/blog/) where I discuss how the FTD is NOT like the ASA...this basically describes the hardening problem and provides only the ICMP solution.

I am working hard on writing a hardening chapter for my new FTD book..March 2018!

This is desperately needed by ALL my customers!!

 

Todd Lammle

John500
Level 1
Level 1
In response to toddlammle

‎01-15-2019 02:31 AM

Does anyone have Cisco Firepower, FTD, FMC hardening guide.

0 Helpful

toddlammle
Level 1
Level 1
In response to John500

‎01-15-2019 06:33 AM

So I started discussing this a year or so ago with some of my staff, and the reality is the hardening for the FMC is System>Configuration, but the real hardening for the FTD is completely in the Device>Platform Settings.

It wasn’t enough to write a book about, but it is very important, so I added the intense labs into my class and also did a video series on it at my web site.

I can’t list the web site or they’d just delete it here, but its my name ☺

Thanks!

Todd Lammle


Sheraz.Salim
VIP
VIP
In response to toddlammle

‎01-15-2019 08:51 AM

Hello Sir I am your big fun @tod
please do not forget to rate.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card