Question

Cisco Next Generation Intrusion Prevention System (NGIPS) devices include global correlation capabilities that utilize real-world data from Cisco Talos. To leverage global correlation in blocking traffic, what should be configured on the NGIPS?

Answer 1

To configure and set up Sourcefire NGIPS–managed devices, you must define blocking rules, set up the IPS to capture traffic, and, if necessary, block untrusted IP addresses. Sourcefire NGIPS is widely deployed in many enterprise environments that help protect the perimeter from intrusions.

Review the Sourcefire Installation Guides to set up a Defense Center and managed devices. The appliance will be configured as a Next Generation firewall.

Log in to the Sourcefire management interface and select the device you have configured.

Sourcefire NGIPS Interfaces Tab

Enter the specific details within the Device section. Click the pencil icon to edit the device-specific details.

Sourcefire Managed Device Setup

We have two separate security zones created on this device: the BIG-IP load balanced security zone, which is the zone for all the IPS-managed device interfaces, and the VLAN-35 security zone, which is the network for all the application server nodes (i.e., FTP, HTTPS, WEB). The Sourcefire NGIPS– managed device will inspect network flows coming from the BIG-IP appliance and then connect to the back-end server pools.