In this video, I'll be configuring wired 802.1x and showcasing RBAC access with it.
The Active Directory Probe
This is a continuation from the last video about profiling. I just wanted to talk about the Active Directory probe and some of the stuff you can see and do with it. To enable the Active Directory probe, navigate to Administration>Deployment and click on the PSN you would like to turn on the probe on. You must have the DNS probe enabled as well. Under the Profiling tab, check the box next to DNS and Active Directory to enable both probes.
Profiling Fun!
Switch Configuration
Initial Configuration of FTD, CSR, and ASAv
Initial Configuration of ISE
Configuring Server 2012 - AD, DNS, DHCP, CA, Certificate Templates, GPO
Lab Overview
Micronics Zero to Hero Security Review
I wanted to write up a review of my experience with Micronics Learning Z2H Security class. A lot of folks have asked me both on Twitter and on forums about it. I was lucky enough to attend the first class they had late in 2015 and it was honestly one of the best uses of my money for training that I've ever spent. If you're looking for CCIE Security v5 training or just Cisco security training in general, this is probably the best class on the market to get it. Since they are a Cisco Learning Partner, they do accept Cisco Learning Credits definitely can help if you have an employer that will only purchase training with learning credits.
Rapid Threat Containment with ISE 2.1 and Firepower 6.1
In this post, I'm going to go through Rapid Threat Containment utilizing both ISE and Firepower. The pre-requirements in order to do this is to have configured pxGrid between ISE and the Firepower Management Center (FMC) prior. If you would like to know how to do so, I went over how to do it with self-signed certificates in this post here or CA-signed certificates in this post here.
StealthWatch 6.8 and ISE Integration with Self-Signed Certificate
I'm going to go over integration ISE 2.1 and Stealthwatch via pxGrid with self-signed certificates. I personally like using CA-Signed certificates for my deployment because if I ever need to rebuild an ISE instance or pxGrid client, it's extremely easy to get it up and running again with a CA-signed certificate but this isn't always the ideal situation for everyone. For those without a PKI infrastructure or for lab environments, it's pretty easy to set up pxGrid integration without an external PKI infrastructure.
Firepower 6.0 pxGrid Integration with ISE - Self-signed Certificates
WSA Setup
Configuring NetFlow for my lab
ISE 2.1 and WSA pxGrid Integration with Self-Signed Certificates
Connecting Firepower to the AMP Cloud
If you are using AMP for Endpoints in your lab or implementation, I would highly recommend adding the cloud connection to your Firepower Management Center. The reason you would do this is that it allows you to import threat identifications, indications of compromise (IOC), and other malware-related information that the AMP cloud gathers from the endpoints.
Firepower 6.0 pxGrid Integration with ISE - CA-Signed Certificate
In this post, I'm going to go through the configuration of Firepower v6.0.x for pxGrid integration with ISE using CA-signed certificates. In future posts, I'm planning on going through the configuration for both Firepower 5.4 and 6.0 using both self-signed and CA-signed certificates. The reason I plan on doing that is because they are slightly different and it's important to know this.
Firepower Setup and Policy Creation
ASA TrustSec Configuration
In this blog post, I'll go over the configuration of the ASA for TrustSec. This is for the native ASA code - not Firepower. I'll be going over Firepower separately in later blog posts. I'll be going over the configuration of TrustSec, SXP, and writing SGACLs for the ASA in this post. I'll be mostly utilizing the ASDM to make things a little easier and simpler to follow along with.