Cisco Secure Firewall गाइड

Is guide ka upyog karke Cisco Secure Firewall me Cybora ko Security Intelligence feeds ke through integrate karein. Sabse common workflow ye hai ki feed ko Secure Firewall Management Center me create kiya jaye aur phir use Access Control Policy ki block ya do-not-block logic me lagaya jaye.

What Cisco Secure Firewall can do with a Cybora feed

• Cisco Security Intelligence IP addresses, domains aur URLs ke liye dynamic feeds consume kar sakta hai.
• Feed ko HTTP ya HTTPS ke through fetch kiya jata hai aur configured interval par update kiya jata hai.
• Imported feed ko access control workflow ke Security Intelligence section me use karke matching traffic ko block ya monitor kiya ja sakta hai.
• Ye approach tab khas taur par useful hoti hai jab aap threat intelligence ko access control logic ke early stage par enforce karna chahte hain.

Before you start

• Secure Firewall Management Center ya cloud-delivered FMC use karein jahan Security Intelligence support available ho.
• Ensure karein ki aapka deployment Cisco ke documented requirements for Security Intelligence aur custom feeds ko meet karta ho.
• Ensure karein ki management center Cybora feed URL ko HTTPS ke through reach kar sake.
• Sahi feed type chunen: Network IP addresses ke liye, DNS domains ke liye, aur URL URLs ke liye.

Create the feed object

1. Objects > Object Management par jayen.
2. Security Intelligence section me apne Cybora feed ke corresponding feed type ko open karein.
3. Naya feed object add karein.
4. Feed ka clear naam dein.
5. Type ko Feed par set karein.
6. Cybora feed URL ko Feed URL me paste karein.
7. MD5 URL sirf tab configure karein jab aapka feed workflow usse support karta ho aur aapko frequent refresh checks optimize karne hon.
8. Update Frequency ko apne Cybora plan ke hisab se set karein. Agar Cisco workflow me bahut frequent refresh ke liye MD5 URL ki zarurat ho, to aisa interval chunen jo Cisco requirements aur Cybora plan dono ke andar ho. Allowed interval ke andar sirf ek request permitted hai. Excessive polling ki wajah se feed block ho sakta hai.
9. Feed object save karein.

Apply the feed in policy

1. Relevant Access Control Policy kholen.
2. Security Intelligence section me Cybora feed ko Block list ya relevant matching logic me add karein.
3. Agar aap monitor-first rollout chahte hain, to logging enable karke feed ko pehle non-blocking workflow me use karein.
4. Agar aap immediate protection chahte hain, to feed ko blocking mode me use karein taaki matching IPs, domains ya URLs seedhe deny ho jayen.
5. Configuration ko managed devices par deploy karein.

Validation

1. Confirm karein ki feed Object Management me successfully download ho raha hai.
2. Verify karein ki feed intended Access Control Policy me referenced hai.
3. Agar zarurat ho to connectivity validate karne ke liye manual feed update trigger karein.
4. Security Intelligence events aur connection logs review karke matches aur enforcement confirm karein.

Further reading

• Security Intelligence
• Custom Security Intelligence Feeds
• Creating Security Intelligence Feeds
• Custom Lists and Feeds: Requirements