Configure Remediation Services with ISE and
FirePower Integration
Document ID: 119370
Contributed by Michal Garcarz, Cisco TAC Engineer.
Nov 17, 2015
Contents
Introduction
Prerequisites
Requirements
Components Used
Configure
Network Diagram
FireSight Management Center (Defence Center)
ISE Remediation Module
Correlation Policy
ASA
ISE
Configure Network Access Device (NAD)
Enable Adaptive Network Control
Quarantine DACL
Authorization Profile for Quarantine
Authorization Rules
Verify
AnyConnect Initiates ASA VPN Session
FireSight Correlation Policy Hit
ISE Performs Quarantine and Sends CoA
VPN Session is Disconnected
Troubleshoot
FireSight (Defence Center)
ISE
Bugs
Related Information
Introduction
This document describes how to use the remediation module on a Cisco FireSight appliance in order to detect
attacks and automatically remediate the attacker with the use of the Cisco Identity Service Engine (ISE) as a
policy server. The example that is provided in this document describes the method that is used for remediation
of a remote VPN user who authenticates via the ISE, but it can also be used for an 802.1x/MAB/WebAuth
wired or wireless user.
Note: The remediation module that is referenced in this document is not officially supported by Cisco. It is
shared on a community portal and can be used by anyone. In Versions 5.4 and later, there is also a newer
remediation module available that is based on the pxGrid protocol. This module is not supported in Version
6.0 but is planned to be supported in future versions.