Category: Creating a File Policy

  • Verifying the Operation: Outside to DMZ – Cisco Network Address Translation (NAT)

    This section demonstrates the operation of a static Auto NAT rule on a threat defense. As in the previous exercise, this one also uses the SSH service to generate traffic. However, unlike in the previous exercise, the SSH connection is initiated by an external…

  • Verifying the Operation: Outside to Inside

    The NAT rule you created earlier evaluates the forward traffic—the traffic that originates from INSIDE_INTERFACE and is destined for OUTSIDE_INTERFACE. However, any traffic in the reverse direction does not match this rule. You can verify this by capturing SSH traffic on OUTSIDE_INTERFACE and by…

  • Verifying the Operation: Inside to Outside – Cisco Network Address Translation (NAT)

    This section describes how to verify the NAT operation on a threat defense. To demonstrate the translation process, this example uses SSH traffic. Let’s initiate a connection from an internal host 192.168.1.10 to an external SSH server 203.0.113.10. If NAT is operational on the…

  • “Do I Know This Already?” Quiz – Cisco Network Address Translation (NAT)

    The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your…

  • Overriding a Malware Disposition – Cisco Malware and File Policy

    If you disagree with a file disposition—whether it is analyzed locally by the threat defense or dynamically by the cloud—the management center allows you to override this outcome by using a file list. There are two types of file lists: Clean list: If a threat defense…

  • Configuring a Dynamic NAT Rule – Cisco Network Address Translation (NAT)

    The management center offers two types of NAT policies: the Firepower NAT Policy and Threat Defense NAT Policy. The former is used to enable NAT on classic hardware models, such as the 7000 and 8000 Series. To enable NAT on a threat defense, you need…

  • Analyzing File Events

    Using a web browser on your client computer, you can attempt to download two files—7z1900.exe and userguide.pdf—from a web server. If the threat defense is running a file policy configured as previously described, it should block the download of the 7z1900.exe file and simply detect the download…