Dear, we noticed that the Cisco Firepower FTD 2130 is sending DNS requests to the open DNS server 184.108.40.206, which is not required and which we did not configure. We need to disable this feature; please advise.
To edit a DNS policy:

Step 1 Select Configuration > ASA FirePOWER Configuration > Policies > DNS Policy.

Step 2 Edit your DNS policy:
- Name and Description - To change the name or description, click the field and type the new information.
- Rules - To add, categorize, enable, disable, or otherwise manage DNS rules, click the Rules tab.

Policy, or anything like that? Would the above process work, or is there anything you would do differently? Also, I'll be changing the DNS settings, but I'm not sure I have the expert mode password; I'm guessing a reboot of the ASA would suffice instead of clearing a process? Thanks in advance, folks.

Rules in a DNS policy are numbered, starting at 1. The ASA FirePOWER module matches traffic to DNS rules in top-down order by ascending rule number. When you create a DNS policy, the ASA FirePOWER module populates it with a default Global DNS Whitelist rule and a default Global DNS Blacklist rule.
DNS-based Security Intelligence allows you to use your FirePOWER implementation to blacklist traffic based on the domain name lookup requested by a client workstation.
What's cool is that items configured here are blocked BEFORE access control rules, so you can block bad traffic without wasting resources inspecting it further, based on the work Cisco has already done, and continues to do, via the Cisco Talos Security Intelligence and Research Group. The lists we'll select below are automatically updated as Cisco identifies new threats.
This document assumes you already have your FirePOWER implementation working and configured (version 6.0 minimum); if you don't, check out this article:
This document also assumes you want to use Cisco’s pre-configured and automatically updated domain name intelligence lists.
Review Policy Hits
After your new changes have been deployed, you can check which rules are being hit and which are not.
I’ll be doing more detailed write-ups on both dashboards and Analysis in the future.