Chapter 12Inspecting Traffic Without Blocking It
An FTD device can block packets when you deploy it in Inline Mode. However, there are some scenarios where you may not want to block a packet right away but instead want to watch the traffic pattern, determine the effectiveness of your access rules or intrusion rules on live traffic, and then tune the overall access control policy accordingly. Sometimes, you want to analyze any suspicious activities on your honeypot and detect any potential attacks. Occasionally, the business continuity policy of your organization may demand passive detection rather than inline protection. In this chapter, you will learn how to deploy FTD to inspect traffic and detect any suspicious activities without dropping ...
Get Cisco Firepower Threat Defense (FTD) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.