Firewall – Understanding how Cisco ASA with FirePOWER Services works

cisco-asa, cisco-firepower, firewall

We recently installed a Cisco ASA 5508-x with FirePOWER Services. I am now getting around to setting FP up. I would like to understand how FP works before configuration.

In terms of exposure, how does the FP module handle traffic? Let's say the module is in "Inline" mode. From my understanding, all traffic enters and exits through the module before heading to its destination. So let's say, for example, the module has an internal IP (it is my understanding the module must be on the same VLAN as the inside interface). Traffic comes in and goes to the FP module. Am I exposing my internal network by having the module on an internal VLAN? Or does the traffic have to properly pass ACL rules to GET to the module?

Because I'm not exactly an expert on this stuff (obviously), maybe I can try to explain it like this. Cable-wise, traffic comes in through the inside interface. With FP services, does traffic come through the inside interface, get redirected to the FP module, inspected, then redirected back to its original destination? What about traffic going out? Does it hit the inside interface, get redirected to the module, then back to the inside interface?

I realize these are a lot of probably dumb questions, but I'm trying to get answers so I can explain them to my manager.

Best Answer

With FP set up as Inline, you need two interfaces, one inbound and one outbound.

Proxy traffic example

Flow of traffic would be: User > Internal Proxy Server inside interface > external Proxy Outside interface > cable from proxy external interface connects directly to FP Port 1 > FP port 2 outbound connects to switch on same VLAN as Proxy > traffic then routes to the External Proxy > out to the Internet

FP just passes traffic whilst at the same time copying this traffic and inspecting/analysing it. You'll need to configure maps and rules/policies on the FP; please refer to the documentation.

I hope this helps!
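The ASA side of the redirection, as an added example that is not part of the original post and not the answerer's configuration: on the 5500-X platform the FirePOWER (SFR) module is a software module that the ASA engages through a Modular Policy Framework service policy, and the ASA evaluates its interface access rules before anything is handed to the module. The ACL names, class name and the 203.0.113.10 host address below are assumptions/constructed values.

```cisco
! Added example (not from the post): ASA configuration that hands traffic to the
! FirePOWER (SFR) software module. Names such as outside_in, sfr_redirect and
! sfr_class are assumptions; 203.0.113.10 is a constructed sample address.
!
! 1. Interface access rules are evaluated first. Anything denied here is dropped
!    by the ASA itself and never reaches the module.
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended deny ip any any
access-group outside_in in interface outside
!
! 2. Select which already-permitted traffic is redirected to the module.
!    "permit ip any any" sends every permitted flow across the backplane to SFR.
access-list sfr_redirect extended permit ip any any
class-map sfr_class
 match access-list sfr_redirect
!
! 3. Attach the redirect to the global service policy.
!    fail-open  : if the module is down, traffic is still forwarded (availability)
!    fail-close : if the module is down, matching traffic is dropped (strict)
!    Append "monitor-only" to give the module a passive copy instead of an
!    inline path.
policy-map global_policy
 class sfr_class
  sfr fail-open
service-policy global_policy global
!
! 4. The module's own IP address (set from "session sfr console" or ASDM) is used
!    only for management and event traffic to FMC/ASDM. Inspected data traffic
!    travels over the internal backplane and never uses that address, so it does
!    not open a second path into the inside network.
```

Because the access-group check runs before the service policy, a packet that the ASA denies is never seen by the module, and a packet the module returns after inspection continues on the ASA's normal path to its destination interface.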