test results for cisco firepower 6.1.0 for japan · dns domainnamesystem dos denialofservice. eobc...

Test Results for Cisco Firepower 6.1.0 for JapanFirst Published: August 29, 2016

Last Modified: September 09, 2016

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883

Text Part Number:

C O N T E N T S

C H A P T E R 1 Overview 1

Cisco Security Solution Test 1

C H A P T E R 2 Test Topology and Environment Matrix 7

Test Topology 8

Environment Matrix 9

What's Prioritized? 10

Open Caveats 11

C H A P T E R 3 Test Results Summary 13

Test Results Summary for Cisco Firepower FP9300 Security Appliance with Cisco Firepower

Threat Defense 6.1.0 for Japan 13

Related Documentation 94

Test Results for Cisco Firepower 6.1.0 for Japan iii

Test Results for Cisco Firepower 6.1.0 for Japaniv

Contents

C H A P T E R 1Overview

• Cisco Security Solution Test, page 1

Cisco Security Solution TestCisco Security Solution Test, an integral part of the Secure Data Center and Virtualization solution, enablessecurity solutions, products, and services to work together to deliver enhanced Protection, Policy control,Context-aware Security, Intrusion detection and prevention, discovery, and advanced malware protection forcustomers. This is achieved by testing the latest versions of Cisco Security products.

Cisco Security Solution Test for Japan, in turn is an add-on testing at the solution level, where the requirementsgathered are specific to Japan usage and market. The requirements are derived based on the following:

• Features in Cisco Firepower Management Center and Cisco Firepower Threat Defense Virtual

• Inputs from Solution SEs and PM team

• High priority cases that are covered by the Cisco Security Solution Test team

• Inputs from various business units, fields, and Cisco services

The test execution is carried out on selected Security products, which are prioritized by the Cisco Japanstakeholders for the Japan theater

The current release focuses on testing the selected Security products.Note

The following product is covered in the test execution:

• Cisco Firepower FP9300 Security Appliance with Cisco Firepower Threat Defense

• Cisco Firepower Management Center

• Cisco Firepower Threat Defense Virtual

• Cisco Advanced Malware Protection

• Cisco Firepower User Agent for Active Directory

• Identity Service Engine

Test Results for Cisco Firepower 6.1.0 for Japan 1

Acronyms

DescriptionAcronym

Authentication Authorization and Accounting.AAA

Access Control Entry.ACE

Access Control List.ACL

Authentication Header.AH

Address Resolution ProtocolARP

Adaptive Security Algorithm.ASA

ASA Services ModuleASASM

Autonomous System Boundary Router.ASBR

Cisco Adaptive Security Device ManagerASDM

Bit Error Rate.BER

Berkeley Internet Name Domain.BIND

Bootstrap ProtocolBOOTP

Bridge Protocol Data Unit.BPDU

Berkeley Standard Distribution.BSD

command-line interface.CLI

Context Directory AgentCDA

Connection slot in the ASASMconn

Data Encryption Standard.DES

Dynamic Host Configuration Protocol.DHCP

De Militarized ZoneDMZ

Dynamic Network Address Translation.DNAT

Domain Name SystemDNS

Denial of Service.DoS

Ethernet Out-of-Band Channel.EOBC

Encapsulating Security Payload.ESP

privileged command modeEXEC

Firewall Management Center.Firewall MC

File Transfer Protocol.FTP

Firepower Threat DefenceFTD

Gigabits per second.Gbps

Test Results for Cisco Firepower 6.1.0 for Japan2

OverviewCisco Security Solution Test

DescriptionAcronym

Generic Routing EncapsulationGRE

High AvailabilityHA

Hypertext Transfer ProtocolHTTP

HTTP over SSL.HTTPS

Internet Assigned Number AuthorityIANA

Internet Control Message ProtocolICMP

Internet Engineering Task Force.IETF

Internet Group Management Protocol.IGMP

Interior Gateway Routing Protocol.IGRP

Internet Key Exchange.IKE

Internet Locator Service.ILS

Internetwork Operating System.IOS

Internet Protocol.IP

IP-in-IP encapsulation protocol.IPinIP

IP Security ProtocolIPSec

Intrusion prevention systemsIPS

Internetwork Packet Exchange.IPX

Internet Relay Chat protocolIRC

Internet Security Association and Key Management Protocol.ISAKMP

IP Solution Center.ISC

Initial Sequence Number.ISN

Internet service provider.ISP

International Telecommunication Union.ITU

Lightweight Directory Access Protocol.LDAP

linefeed.LF

link-state advertisement.LSA

Media Access Control.MAC

Message Digest 5MD5

Media Gateway Control Protocol.MGCP

Management Information BaseMIB

Multiprotocol Label Switching.MPLS



DescriptionAcronym

Million packets per second.Mpps

Multilayer Switch Feature Card.MSFC

Maximum Transmission UnitMTU

Network Address Translation.NAT

Network Basic Input Output SystemNetBIOS

Network File System.NFS

Network Information Center.NIC

Network Information Service.NIS

Next Generation Intrusion prevention systemsNGIPS

Next Generation FirewallNGFW

Network Management Station.NMS

Network News Transfer ProtocolNNTP

Network Operating System.NOS

Not So Stubby Area.NSSA

Network Time ProtocolNTP

Open Shortest Path First.OSPF

Port Address Translation.PAT

Protocol Data Unit.PDU

Protocol Independent Multicast.PIM

Private Internet Exchange.PIX

Post Office Protocol.POP

Point-to-Point Protocol.PPP

Point-to-Point Protocol over Ethernet.PPPoE

Point-to-Point Tunneling Protocol.PPTP

Prime Security ManagerPRSM

Remote Authentication Dial-In User ServiceRADIUS

Registration Admission and Status protocolRAS

Real Data TransportRDT

Request For CommentRFC

Routing Information Protocol.RIP

Remote Procedure Call.RPC



DescriptionAcronym

Rivest Shamir and Adelman algorithm.RSA

Remote ShellRSH

RTP Control Protocol.RTCP

Real Time Transport Protocol.RTP

Security Association.SA

Skinny Client Control ProtocolSCCP

Session Description Protocol.SDP

SourcefireSFR

Simple Mail Transfer ProtocolSMTP

Simple Network Management ProtocolSNMP

Shared Profile Component.SPC

Shortest Path First.SPF

Security Parameter IndexSPI

Secure Shell.SSH

Standard Error File Descriptor.STDERR

Switched Virtual Interface.SVI

SourceFire User AgentSFUA

Software-ModuleSW-Module

Transmission Control Protocol.TCP

Trivial File Transfer Protocol.TFTP

Triple Data Encryption Standard.Triple DES

User authentication.uauth

User Datagram Protocol.UDP

Universal Resource Locator.URL

Virtual LAN.VLAN

Virtual Private Network.VPN

Wide Area Network.WAN

Windows Internet Naming Service.WINS

World Wide Web.WWW

X Display Manager Control Protocol.XDMCP

Translation session.xlate



C H A P T E R 2Test Topology and Environment Matrix

• Test Topology, page 8

• Environment Matrix, page 9

• What's Prioritized?, page 10

• Open Caveats, page 11


Test Topology


Test Topology and Environment MatrixTest Topology

Environment MatrixSoftware VersionModelDevice NameCategory

n7000-s1-dk9.6.0.2.binNexus7000C7010(N7k-04)

CORE-1IP Infrastructure


CORE-2


AGGR-1


AGGR-2

c3900e-universalk9-mz.SPA.151-1.T1.binCISCO 3900WAN EDGEROUTER

ucs-6100-k9-system.4.2.1.N1.1.4m.binUCS 6140XPFABRICINTERCONNECT

Storage

ucs manager 2.0(3a)Cisco UCS5108

UCS BLADESERVERCHASSIS

ucs-2100.2.0.3a.binUCS 2104XPIO Module

S5500.1.2.1.0.030920101143UCSB200M2UCS BLADE

m9500-sf2ek9-kickstart-mz.5.2.2a.binMDS 9509MDS Switch

USP VM: 60-08-11-00/00HitachiSANSTORAGE

VMware ESXi 5.5.0UCSB200M2UCS BLADEVMware

fxos-k9- 9.2.0.1.37.spaCisco FirePower 9300 withFXOS 2.0.1

Cisco Firepower9300 SecurityAppliance cisco-ftd.6.1.0.330.SPA.csp

Cisco_Firepower_User_Agent_2.3.zipCisco Firepower User Agent forActive Directory

Cisco FirepowerUser Agent forActive Directory

Cisco_Firepower_Management_Center_Virtual_VMware-6.1.0-330.tar.gz

Cisco Firepower ManagementCenter Virtual Appliance

Cisco FirepowerManagementCenter VirtualAppliance


Test Topology and Environment MatrixEnvironment Matrix

Software VersionModelDevice NameCategory

Cisco_FIrepower_Threat_Defense_Virtual-6.1.0.-330.tar.gzCisco Firepower Threat DefenseVirtual for VMware

Cisco FirepowerThreat DefenseVirtual forVMware

cisco-ftd.6.1.0.330.SPA.cspCisco Firepower Threat DefenseCisco FirepowerThreat Defense

FireAMP v5.3.2015121523Cisco Advance MalwareProtection

Cisco AdvanceMalwareProtection

1.3Identity Service EngineIdentity ServiceEngine

Microsoft Windows Server 2008 R2MicrosoftWindows

MicrosoftWindows

Microsoft Windows 7 JP 32 and 64 bitMicrosoftWindows

Microsoft

Ubuntu 13.10UbuntuLinuxLinux

Mac OS 10.10.6Apple MacBook Pro (JPLocale)

MacBookApple

iOS 8.4.1iOSiPhone 6

8.0.2 (12A405)iPadiPad

Android 5.0.1Samsung S4SamsungAndroid Clients

Chrome: 51.0.2743.116Windows 7Web BrowsersBrowsers

Firefox : 48.0 .2

IE: 11.0.9600.18426CO

What's Prioritized?The following features are tested on priority in this release:

• FMC Features

• User-requested Geolocation lookup for IPs

• User-requested whois lookup

• AMP Private Cloud

• ISE Remediation

• ISE Error Improvement


Test Topology and Environment MatrixWhat's Prioritized?

• Integrated Risk reports

• User Authentication

• Kerberos User Authentication

• FIREPOWER Features

• SSL Client Hello

• Safe Search Enforcement

• YouTube EDU Enforcement

• True-IP Policy

• Active authentication Enhancements

• FTD Features

• Inline Security Group Tags(SGT)

• Interface objects

• Shared NAT

• Rate Limiting

• Prefilter Policies

• Site-to-site VPN Support

• Routing Enhancements

Open CaveatsTitleDefect ID

Reference drop down not working in the Rule content Intrusion PolicyCSCva83245

Korean and Japanese characters are Junked in SSL policyCSCva89394

Filtering tab is missing on IPv4(BGP) - Japanese/KoreanCSCva89451

Next Hop information is missing on IPv4(BGP) - Japanese/KoreanCSCva89472

DDNS method creation accepts space alone as nameCSCva89514

Customer product mapping list accepts same values multiple timesCSCva89548

Incident summary in double byte characters are junked after saveCSCva97326

Custom Workflow name and description in Double byte characters are junkedCSCva97337

Custom Table name in Double byte characters are junked in the pageCSCva97346

Job name in Double byte characters are junked in task scheduling pageCSCva97356

NAT Policy Description in Double byte characters are junkedCSCva97366

Japanese/Korean name of Health policy appears as Junk in Import/ExportCSCva99641


Test Topology and Environment MatrixOpen Caveats

Incorrect tab names under the Match Clauses-Japanese/KoreanCSCvb11305

Incorrect tab names under the set Clauses of Route Map-Japanese/KoreanCSCvb11345

Not able to add Existing or new Port Objects in ICMP ServiceCSCvb11240

Rule name in double byte characters are junked in NAT policy firepowerCSCvb11233


Test Topology and Environment MatrixOpen Caveats

C H A P T E R 3Test Results Summary

• Test Results Summary for Cisco Firepower FP9300 Security Appliance with Cisco Firepower ThreatDefense 6.1.0 for Japan, page 13

• Related Documentation, page 94

Test Results Summary for Cisco Firepower FP9300 SecurityAppliance with Cisco Firepower Threat Defense 6.1.0 for Japan

DefectStatusDescriptionTitleFeaturesCovered

Logical ID

PassedSW-Module IPSInstallation &Configurationfunctionalityverification

Verifyfunctionality forSW-Module IPSInstallation &Configuration

Firepower&DCConfiguration&Validation

FP-6.1-JP-01

PassedCheck thefunctionality fortrafficredirectionservice policy

Verifyfunctionality fortrafficredirectionservice policyenabled globally


FP-6.1-JP-02

PassedCheck thefunctionality fortrafficredirectionservice policyenabled forinput interface

Verifyfunctionality fortrafficredirectionservice policyenabled forinput interface


FP-6.1-JP-03


PassedFunctionality fortrafficredirection forClass Default

Verify thefunctionality fortrafficredirection forClass Default


FP-6.1-JP-04

PassedFunctionality forBasic IPSnetwork setup

Verify thefunctionality forBasic IPSnetwork setup


FP-6.1-JP-05

PassedConfiguration&replication ofshow managersshpuld beverified

Verify theConfiguration&replication ofshow managers


FP-6.1-JP-06

PassedCheckFunctionality offail-open mode

Verify thefunctionality ofFail-open mode


FP-6.1-JP-07

PassedCheckfunctionality offail-close mode

Verify thefunctionality ofFail-Closemode


FP-6.1-JP-08

PassedVerifyMigrating fromOn Box to OffBox Manager

Migrating fromOn Box to OffBox Manager


FP-6.1-JP-09

PassedTraffic handlingin Layer 2 layershould beverified

Verifying theTraffic handlingin Layer 2 layer


FP-6.1-JP-10

PassedCheck Traffichandling inLayer 3 layer



FP-6.1-JP-11

PassedCheck Traffichandling inLayer 4 layer



FP-6.1-JP-12

PassedTraffic handlingfor HTTPTraffic shouldbe verified

Verifying theTraffic handlingfor HTTPTraffic


FP-6.1-JP-13

PassedHTTPS Traffichandling shouldbe verified

Verifying theTraffic handlingfor HTTPSTraffic


FP-6.1-JP-14


Test Results SummaryTest Results Summary for Cisco Firepower FP9300 Security Appliance with Cisco Firepower Threat Defense 6.1.0 forJapan

PassedInstall theLicense on theFiresight fordifferentfeatures

Verifying theLicenseInstallation onthe Firesight


FP-6.1-JP-15

PassedVerifying theRegistration ofASA IPS inDefense Centerand DefenseCenter offline

Registration ofASA IPS inDefense Centerand DefenseCenter Offline


FP-6.1-JP-16

PassedCheck startupwizard includesSFR setupoption onASDM

Verify that thestartup wizardincludes SFRsetup option onASDM


FP-6.1-JP-17

PassedConfigureTrafficRedirectionsettings for SFRfrom ASDMAdd ServicePolicy Option

Verify thatTrafficRedirectionsettings can beconfigured forSFR fromASDM AddService PolicyOption


FP-6.1-JP-18

PassedCheck DCaccess policieswith ASAinterface used insecurityzones(SingleRouted Mode)

Verify DCaccess policieswith ASAinterface used insecurityzones(SingleRouted Mode)


FP-6.1-JP-19


Test Results SummaryTest Results Summary for Cisco Firepower FP9300 Security Appliance with Cisco Firepower Threat Defense 6.1.0 for

Japan

PassedRegister theSensor to theFireSIGHTManagementCenter andapply the featurelicenses on theDC. Licensescan be added toDC before anydevices areadded to DC oreven after thedevice(s) areadded. Onceregistered to theDC with featurelicenses, thesensors shouldfunction evenafter they areun-registeredfrom the DC.

Verify sfr-dcregister &unregister


FP-6.1-JP-20

PassedTo verify thedashboard panelfor SFRinstalled onASA fromASDM

Verifydashboard panelfor SFR fromASDM


FP-6.1-JP-21

PassedTo verify thatTrafficRedirectionsettings can beconfigured forSFR fromASDM

ConfigureTrafficRedirectionsettings fromASDM for SFR


FP-6.1-JP-22

PassedFunctionality ofNetworkDiscovery andConfiguringPolicies shouldbe verified

Verifying theNetworkDiscovery andConfiguringPolicies


FP-6.1-JP-23

PassedVerifyingDeploying theNGIPS onVMWare on theEsxi

Deploying theNGIPS onVMWare on theEsxi


FP-6.1-JP-24



PassedCheckfunctionalityof TrafficProfiles on theFiresight

Verifying theTraffic Profileson the Firesight


FP-6.1-JP-25

PassedCheck trafficblocked whenthe IPSConfigured asInline Mode

Verifying theTraffic has beenblocked whenthe IPSConfigured asInline Mode

Basic networkcontrol

FP-6.1-JP-26

PassedVerify Sensoraction blockwith regularIP/protocolpolicy (SSHblock, FTPblock)

Sensor actionblock withregularIP/protocolpolicy (SSHblock, FTPblock)

Basic networkcontrol

FP-6.1-JP-27

PassedVerify Sensoraction blockwith URL(blockfacebook.com&Other Websites

Sensor actionblock with URLblockfacebook.com&Other Websites

URL FilteringFP-6.1-JP-28

PassedVerify Sensoraction blockwith URL /webcat policy (blockfacebook.com,block categorygambling)

Sensor actionblock with webcat policy (blockfacebook.com,block categorygambling)


PassedVerifying theFiresightManagementCenterConfiguration&Device adding

Verifying theFiresightManagementCenterConfiguration&Device adding&URLFilteringbased on theCloud Serives


PassedCheckFileFiltering Policy& Detection inLive Traffic

Verifying theURL FilteringPolicy &Detection inLive Traffic




Japan

PassedConfigure ACLpolicy and usegeolocationobject

Verifying theAccess ControlPolicy usingGeolocation

Access PoliciesFP-6.1-JP-32

PassedConfigure GeoLocationObjects andcheck

Verifying theCreation of GeoLocationObjects


PassedCheckfunctionality ofAccess ControlPolicy usingMixedNetworksand Geolocation

Verifying theAccess ControlPolicy usingMixedNetworksand Geolocation


PassedSensors havingfile policyinspection on anaccess policy,and a defaultaction which isan IPS policy,causing theinlinenormalizationton the sensor totake effectpotentiallycausingconnectiondrops

Sensors havingfile policyinspection on anaccess policy


PassedApplicationBlocking andMonitoringShould beverified

Verifying theApplicationBlocking andMonitoringShare

Application,Visibility &Control

FP-6.1-JP-36

PassedQdownApplicationallowing &Monitoring

VerifyingQdownApplication


FP-6.1-JP-37

PassedVerifying theApplicationallowing andMonitoring

VerifyingTotodiskApplication


FP-6.1-JP-38



PassedQdownApplicationBlocking andMonitoring

Verifying theQdownApplicationBlocking andMonitoring


FP-6.1-JP-39

PassedTotodiskApplicationBlocking andMonitoring

Verifying theTotodiskApplicationBlocking andMonitoring


FP-6.1-JP-40

PassedRSupportRemotecall/viewApplicationBlocking andMonitoring

Verifying theRSupportRemotecall/view & WeChatApplicationBlocking andMonitoring


FP-6.1-JP-41

PassedNdriveApplicationBlocking andMonitoring

Verifying theNdriveApplicationBlocking andMonitoring


FP-6.1-JP-42

PassedCheckMicrosoftLDAP users areAllowed andBlocked usingAccess Policies

Verifying theMicrosoftLDAP users areAllowed andBlocked usingAccess Policies


FP-6.1-JP-43

PassedTo Verify thePolicies -Access Control(with SecurityIntelligence)

ConfiguringPolicies -Access Control(with SecurityIntelligence)

SecurityIntelligencefiltering

FP-6.1-JP-44

PassedCheckfunctionality ofSecurityIntelligence byObjectManagement(Blacklist)

Verifying theSecurityIntelligence byObjectManagement(Blacklist)


FP-6.1-JP-45

PassedCheckfunctionality ofSecurityIntelligence byObjectManagement(Whitelist)

Verifying theSecurityIntelligence byObjectManagement(Whitelist)


FP-6.1-JP-46



Japan

PassedConfigure andverify SI EventViews

Verifying the SIEvent Views


FP-6.1-JP-47

PassedConfigure andcheck the SIEventManagement

Verifying the SIEventManagement


FP-6.1-JP-48

PassedFile FilteringPolicy &Detection inLive Traffic

Verifying theFile FilteringPolicy &Detection inLive Traffic

File TypeFiltering

FP-6.1-JP-49

PassedVerify Fileblock - Block allpossibleHTTP/FTP filetypes withaction blockreset

File block -Block allpossibleHTTP/FTP filetypes withaction blockreset

File TypeFiltering

FP-6.1-JP-50

PassedConfigure andcheck File TypeDetection &Capture

Verifying theFile TypeDetection &Capture

File TypeFiltering

FP-6.1-JP-51

PassedCheck File TypeBlocking &Capture

Verifying theFile TypeBlocking &Capture

File TypeFiltering

FP-6.1-JP-52

PassedAdding theNGIPSv Deviceinto theFiresightManagementCenter should beverified

Adding theNGIPSv Deviceinto theFiresightManagementCenter

IPSFP-6.1-JP-53

PassedVerify the FireSight NGIPSdash board forAnalysis &Reportingwidgets,Miscellaneouswidgets,Operationswidgets.

Verifying theNGIPS DashBoard

IPSFP-6.1-JP-54



PassedConfigure andverify Creationof DefaultIntrusion Policy

Verifying theCreation ofDefaultIntrusion Policy

IPSFP-6.1-JP-55

PassedCheckDeployment ofIntrusion Policy

Deploying theIntrusion Policy

IPSFP-6.1-JP-56

PassedCheckInvestigating onthe IntrusionEvents

Investigating theIntrusion Events

IPSFP-6.1-JP-57

PassedConfigureUser-CreatedPort Variable inan IntrusionRule

Verifying theUser-CreatedPort Variable inan IntrusionRule

IPSFP-6.1-JP-58

PassedVerify SuppressIntrusion Rulesusing a Variable

SuppressIntrusion Rulesusing a Variable

IPSFP-6.1-JP-59

PassedVerifySensorIPS policies,with somepermit/denyaccess policieson the sensor inASA

Sensors havingConnectivityover securityIPS policy withsomepermit/denyaccesspolicies

IPSFP-6.1-JP-60

PassedCheck thefunctionality ofSensors havingBalancedconnectivity andsecurity IPSpolicy withsome permit/deny accesspolicies

Sensors havingBalancedconnectivity andsecurity IPSpolicy withsome permit/deny accesspolicies

IPSFP-6.1-JP-61

PassedNmapremediationmodule creationand create nmapinstance inFiresight.

Verify Nmapscan remediationmodule creation

IPSFP-6.1-JP-62



Japan

PassedRegionalSpecific Inputsin Nmapremediationmodule creationand create nmapinstance inFireSIGHTName,Descriptionfields

Verify RegionalSpecific inputsin Nmap scanremediationmodule creation

IPSFP-6.1-JP-63

PassedConfigurepolicies andcheck the Scanresults in viewpage.

Verify viewscan results inNmap scanremediationmodule

IPSFP-6.1-JP-64

PassedDownloadingScan results inXML formatand view in thelocal machine.

VerifyDownloadingscan results inNmap scanremediationmodule

IPSFP-6.1-JP-65

PassedDownloadingScan results inXML formatand view in thelocal machine inBrowser.

VerifyDownloadingscan results inNmap scanremediationmodule inBrowser

IPSFP-6.1-JP-66

PassedVerify byadding virtualNGIPS intoDefense centerand try to editthe interfaces topassive mode.

Verify addingNGIPS interfacein passive mode

IPSFP-6.1-JP-67

PassedVerify byadding virtualNGIPS intoDefense centerand try to editthe interfaces toinline mode.

Verify addingNGIPS interfaceinline mode

IPSFP-6.1-JP-68



PassedVerify byadding virtualNGIPS intoDefense centerand try to createinline set andadd availableinterfaces tocreated set.

Verify addingNGIPS interfaceinline set

IPSFP-6.1-JP-69

PassedVerify byadding virtualNGIPS intoDefense centerand try to createinline set andselect failsafebypass mode.

Verify addingNGIPS interfaceinline setFailsafe bypassmode.

IPSFP-6.1-JP-70

PassedVerify byadding virtualNGIPS intoDefense centerand try to createinline set andselect failsafeNon-bypassmode.

Verify addingNGIPS interfaceinline setFailsafeNon-bypassmode.

IPSFP-6.1-JP-71

PassedVerify creationof intrusionpolicy over basepolicy or createcustom policyand mangeRules associatedwith that policy.

Verify creationof Intrusionpolicy andManage BasePolicy, rules.

IPSFP-6.1-JP-72

PassedVerify creationof custom rule,rule importing,Editing theexisting rule.

Verify each andevery option inRule Editor inIntrusion.

IPSFP-6.1-JP-73

PassedConfigurecustom rule inrule editor.

Verify creationof new rule inrule editor.

IPSFP-6.1-JP-74

PassedCheck theassociation ofnew rule withthe intrusionpolicy.

Verifyassociation ofnew rule withthe intrusionpolicy

IPSFP-6.1-JP-75



Japan

PassedCheck theassociation ofFireSIGHTrecommendationsrules with theintrusion policy.

Verifyassociation ofFireSIGHTrecommendationsrules with theintrusion policy.

IPSFP-6.1-JP-76

PassedConfigureHealth andSystem Policy

Verifying theHealth andSystem Policy

Health andSystem Policy

FP-6.1-JP-77

Passedconfigurepre-processorthat applyglobally to allintrusionpolicies on adevice

Create anAccess ControlPolicy withAdvancedSettings.

SimplifiedNormalizationConfiguration

FP-6.1-JP-78

Passedconfigurepreprocessors tobe used inspecific trafficscenarios, notacrossallintrusionevents.

Apply a Policywith CustomNetworkAnalysis Rules


FP-6.1-JP-79

PassedIntrusion Policyto a device

Apply anUpdatedIntrusion Policyto a Device.


FP-6.1-JP-80

PassedCreate a localrule thatmatches asupported filetype for FilePolicies, e.g.,PDF files.

Match a SingleFile Type.

File Type ID forIPS Rules

FP-6.1-JP-81

PassedCreate a localrule to block asupported filetype for FilePolicies, e.g.,PDF files.

Block a SingleFile Type


FP-6.1-JP-82

PassedCreate a localrule thatmatches PDFfiles of version1.4, 1.5 or 1.6.

Match SpecificVersions of PDFFiles.


FP-6.1-JP-83



PassedSelect multiplefile types. Forexample, createa local rule thatmatches severalfile types, forexample, PDFversion 1.6, ZIP,and SWF.

Match MultipleFile Types.


FP-6.1-JP-84

PassedCreate a localrule thatmatches a FileGroup.

Match a FileGroup


FP-6.1-JP-85

PassedFile Events aregenerated on thefiles identifiedin an archivefile.

Detect Files inArchive Files.

Network AMPArchive FileSupport

FP-6.1-JP-86

PassedAn archive fileis blocked whena file containedin it matches aBlock Files FilePolicy Rule.Here, in order toperform archiveinspection, donot add archivesupported filetypes in file rule.

Block Files inArchive Files


FP-6.1-JP-87

PassedArchives whichcontainmalwaregenerate twoMalware events:the malware fileidentified in thearchive and thearchive itself.

IdentifyArchivesContainingmalware.


FP-6.1-JP-88

PassedArchives whichcontainmalwareare blockedwhen the “BlockMalware” actionis configured.

Block ArchiveFiles containingMalware


FP-6.1-JP-89



Japan

PassedArchives whichcontainmalwareare blockedwhen the “BlockMalware” actionis configured.

Block ArchiveFiles ContainingMalware


FP-6.1-JP-90

PassedAn “evasivearchive” is anarchive speciallycreated to hideits contents,includingarchive filenesting (i.e., anarchive filecontainingarchive files)and built-inencryptionfeatures.

Block EvasiveArchive Files


FP-6.1-JP-91

PassedCreating Sourceand DestinationCountry inConnectionEvents andConnectionTracker

Source andDestinationCountry inConnectionEvents andConnectionTracker

GeolocationAnd SecurityIntelligenceCategory InCorrelationRules

FP-6.1-JP-92

PassedCreating aSecurityIntelligenceCategory inConnectionEvents

SecurityIntelligenceCategory inConnectionEvents


FP-6.1-JP-93

PassedCreatingDestinationCountry inIntrusion Events

DestinationCountry inIntrusion Events


FP-6.1-JP-94

PassedCreating aDestinationCountry inMalwareEvents.

DestinationCountry inMalwareEvents.


FP-6.1-JP-95



PassedCreating aSource Countryin TrafficProfiles

Source Countryin TrafficProfiles.


FP-6.1-JP-96

PassedCreatingSecurityIntelligenceCategory intraffic Profiles

SecurityIntelligenceCategory inTraffic Profiles.


FP-6.1-JP-97

PassedVerifyingSetting a HostIOC for aspecificFireAMP IOCtype

Setting a HostIOC for aspecificFireAMP IOCtype

Additional IOCsfor HostCorrelation(FireAMP only)

FP-6.1-JP-98

PassedCheck DisableSetting a HostIOC for aspecificFireAMP IOCtype

Disable Settinga Host IOC for aspecificFireAMP IOCtype

Additional IOCsfor HostCorrelation(FireAMP only)

FP-6.1-JP-99

PassedVerifying theCaptures of theSame EmailAttachmentmultiple Times

Capturing thesame emailattachmentmultiple times

Protocol-AwareStreamReassembly forSMTP, POP3 &IMAP

FP-6.1-JP-100

PassedVerifying theCapture avariety of filesizes and types

Capture avariety of filesizes and types

NSS Support forFlash/PDF

FP-6.1-JP-101

PassedCheck thefunctionality ofNetworkPayloadDetection

Verifying theNetworkPayloadDetection


FP-6.1-JP-102

PassedExtendedX-Forward forHTTP GetRequest

Verifying theExtendedX-Forward forHTTP GetRequest


FP-6.1-JP-103



Japan

PassedNetworkpayloaddetection basedon SWF andPDF

Verifying thenetwork payloaddetection basedon SWF andPDF


FP-6.1-JP-104

PassedConfigure Tableview of FileEvents

Verifying theTable view ofFile Events

UnicodeFilenameSupport

FP-6.1-JP-105

PassedCheck thefunctionality ofExternalization

Verifying theExternalization


FP-6.1-JP-106

PassedCheck thefunctionality ofeStreamer

Verifying theeStreamer


FP-6.1-JP-107

PassedCheck Upgradefrom PreviousRelease

Verifying theUpgrade fromPreviousRelease

MultipleManagementInterfaces

FP-6.1-JP-108

PassedConfiguration ofmore than oneManagementInterface

Verifying theConfiguration ofmore than oneManagementInterface


FP-6.1-JP-109

PassedConfiguration ofStatic routes

Verifying theConfiguration ofStatic routes


FP-6.1-JP-110

PassedCheck thefunctionality ofSplitManagementand EventTraffic

Verifying theSplitManagementand EventTraffic


FP-6.1-JP-111

PassedInstallation of5.4 SourceFireDefense Center

Verifying theInstallation of5.4 SourceFireDefense center

Installation/UpgradeFP-6.1-JP-112

PassedVerifying theUpdate ofDefense Centerfrom Version5.3 to 5.4

To Verify theUpdating ofManagedDevices


PassedVerifying theSRU, VDB, andGeoDBUpgrades

To Verify theUpdating ofManagedDevices




PassedConfigue andapply License tothe DefenseCenter

Verifying theLicense apply tothe DefenseCenter

LicenseingFP-6.1-JP-115

PassedEach sensingappliance (i.e.,ASA, virtualsensor, physicalsensor) musthave a licenseassociated withit on the DC

ApplyingLicenses toSensingDevices

LicenseingFP-6.1-JP-116

PassedVerifying theHost name fromDNS

Host Name fromDNS

APP IDEnchancements

FP-6.1-JP-117

PassedVerifying theApplicationProtocolIdentificationfrom TCP,UDP& Other IPProtocols

ApplicationProtocolIdentificationfrom TCP port,UDP port, andother IPprotocols

APP IDEnchancements

FP-6.1-JP-118

PassedVerifying theUser ID fromApplications

User ID fromApplications

APP IDEnchancements

FP-6.1-JP-119

PassedVerifying theAPP IDconfiguration

Verifying theAPP ID fromadditionalHTTPMetadata

APP IDEnchancements

FP-6.1-JP-120

PassedVerifying theNewConnectionlog fields

NewConnectionlog fields

APP IDEnchancements

FP-6.1-JP-121

PassedConfigure andcheck eventviewer inDefense centershows theVLAN Taginformation

Verifying thatthe event viewerin Defensecenter shows theVLAN Taginformation

VLAN TagInformation

FP-6.1-JP-122



Japan

PassedChecking theevent viewer inDefense centershows theVLAN Taginformationaccording to thetraffic flow.

Verifying thatthe event viewerin Defensecenter shows theVLAN Taginformationaccording to thetraffic flow.

VLAN TagInformation

FP-6.1-JP-123

PassedCheck eventviewer inDefense centershows theVLAN Taginformationaccording to thetraffic flowaction.

Verifying thatthe event viewerin Defensecenter shows theVLAN Taginformationaccording to thetraffic flowaction.

VLAN TagInformation

FP-6.1-JP-124

PassedConfigureReporting &ReportGeneration onthe Firesight

Verifying theReporting &ReportGeneration onthe Firesight

AutomationAnalysis

FP-6.1-JP-125

PassedCheck if withactions=copy, auser can create aNAT policy inthe currentdomain bycopying a NATpolicy in itsparent/currentdomain.

Copying NATpolicy in thecurrent domainfrom itsParent/currentdomains

DeviceManagement

FP-6.1-JP-126

PassedUser should beable to view aNAT policyreport from itsparent/currentdomain withoutany errors orexceptions

NAT policyreportgeneration fromparent/currentdomain.

DeviceManagement

FP-6.1-JP-127



PassedCheck if withactions-apply, auser can applyNAT policy intheparent/currentdomain toappropriatedevice.

Applying NATpolicy in thedomain todevice

DeviceManagement

FP-6.1-JP-128

PassedNAT policylisting pageshould show thedevices targetedby NAT policiesafter targetingthe NAT policyto device

Test to check ifdevice can betargeted by onlyone NAT policy

DeviceManagement

FP-6.1-JP-129

PassedVerify OSPFrouting withRBAC

OSPF routingwith RBAC

DeviceManagement

FP-6.1-JP-130

PassedTest DCupgrade fromChivas releaseto Dramquilarelease

Upgrade fromChivas Release

DeviceManagement

FP-6.1-JP-131

PassedAccess Policyrules configuredwith action asBlock withReset

Capture Traceoutput withAccess Policyrules configuredwith actionInteractiveBlock

PACKETTRACER

FP-6.1-JP-132

PassedAccess Policyrules configuredwith action asInteractiveBlock

Capture Traceoutput withAccess Policyrules configuredwith actionInteractiveBlock withReset

PACKETTRACER

FP-6.1-JP-133

PassedAccess Policyrules configuredwith URLBlocking

Capture Traceoutput forAccess Policyrules configuredwith URLBlocking

PACKETTRACER

FP-6.1-JP-134



Japan

PassedAccess Policyrules configuredwith URLMonitor

Capture Traceoutput forAccess Policyrules configuredwith URLMonitor

PACKETTRACER

FP-6.1-JP-135

PassedAccess Policyrules configuredwith AppBlocking

Capture Traceoutput forAccess Policyrules configuredwith AppBlocking

PACKETTRACER

FP-6.1-JP-136

PassedAccess Policyrules configuredwith AppMonitor

Capture Traceoutput forAccess Policyrules configuredwith AppMonitor

PACKETTRACER

FP-6.1-JP-137

PassedFile packagingon FirepowerNGFW

Verify cgroupconfig filepackaging onFirepowerNGFW

C/GroupsMemory Map

FP-6.1-JP-138

PassedFile packagingon SF Sensor

Verify cgroupconfig filepackaging on SFSensor

C/GroupsMemory Map

FP-6.1-JP-139

PassedFile packagingon ManagementCenter

Verify cgroupconfig filepackaging onManagementCenter

C/GroupsMemory Map

FP-6.1-JP-140

PassedCreation of aCaptive PortalIdentity Rule

Verify theCreation of aCaptive PortalIdentity Rule

Captive PortalFP-6.1-JP-141



PassedVerify the UIwhen creating aCaptive PortalIdentity Rule,with Active authfallback.1.Create at least 1AD domain(configure ADserversthemselves)2.Configure realmand directory inSFR whichmatch theservers createdabove

Creating aCaptive PortalIdentity Rule,with Active authfallback




Japan

PassedIdentity Rulesshould bereordered1.Apply platformand featurelicenses.2. Ifnecessary, createat least 1 ADdomain(configure ADserver itself)3.Configure realmand directory inSFR whichmatch the servercreated above.4.Create anidentity policyand createseveral identityrules, includingPassive Auth,Active Auth(Captive Portal)and NoAuthentication.Also create asecond identitypolicy with afew rules.5.Create an ACRule and attachthe first Identitypolicy to it.Choose anaction that’s theopposite of theDefault Rule.

Verify IdentityRules can bereordered




PassedCaptive Portalidentity rules,identity policyshould becopied1. Applyplatform andfeaturelicenses2. Ifnecessary, createat least 1 ADdomain(configure ADserver itself)3.Configure realmand directory inSFR whichmatch the servercreated above.4.Create anidentity policycontainingseveral captiveportal identityrules.5. Createan AC Rule andattach theIdentity policyto it. Choose anaction that’s theopposite of theDefault Rule.

Verify CaptivePortal identityrules, when anidentity policy iscopied


PassedCaptive portalrules in identitypolicy reportsshould begenerated.1. Ifnecessary, createat least 1 ADdomain(configure ADserver itself)2.Configure realmand directory inSFR whichmatch the servercreated above.

VerifyGeneratingReports oncaptive portalrules in identitypolicy




Japan

PassedEnd to Endfunctionalityshould beanalyzed forHTTP BasicAuthentication

Verify End toEndfunctionality forHTTP BasicAuthentication


PassedEnd to Endfunctionalityshould be testedfor NTLMauthentication

Verify End toEndfunctionality forNTLMauthentication


PassedEnd to Endfunctionality forKerberosauthentication

Verify End toEndfunctionality forKerberosauthentication


PassedZones,Networks, andPorts should beused in CaptivePortalauthenticationPolicy

Verify thatZones,Networks, andPorts can beused in CaptivePortalauthenticationPolicy


PassedVlans can beadded in a ruleand used inCaptive Portalauthenticationpolicy

Verify thatVlans can beadded in a ruleand used inCaptive Portalauthenticationpolicy


PassedMinimumTimeout lengthof user sessions(both passiveand CaptivePortal) shouldbe tested.

VerifyminimumTimeout lengthof user sessions(both passiveand CaptivePortal


PassedFailedAuthenticationTimeout settingshould be tested

Verify FailedAuthenticationTimeout setting




PassedMaximumAuthenticationAttempts shouldbe set in thesetting

VerifyMaximumAuthenticationAttempts setting


PassedCreate policy indomainA.Create Secondpolicy thatinherits from thefirst one.PolicyInheritance andobject aredeployedcorrectly -within singledomain on samesystem.

PolicyInheritance andobject - withinsingle domainon same system

IMPORT-EXPORTFP-6.1-JP-154

PassedCreate policy indomainA.Create Secondpolicy thatinherits from thefirst one.PolicyInheritance andobject aredeployedcorrectly -within singledomain on adifferent system.

PolicyInheritance andobject - withinsingle domainon a differentsystem


PassedCreate policy indomainA.Create Secondpolicy in the subdomain A thatinherits from thefirst one andexport thepolicy.PolicyInheritance andobject aredeployedcorrectly - fromdifferentdomains on thesame system.

PolicyInheritance andobject - fromdifferentdomains on thesame system




Japan

PassedCreate object indomain A andcreate ACPolicy that usesthe object.CreateSecond policy insub domain Athat inheritsfrom the firstone.Parentpolicy can beexported if childpolicy usesparent policyobjects

Parent policycan be exportedif child policyuses parentpolicy objects


PassedCreate Healthpolicy in domainA.Export thepolicy andverify it.

Health Policy onthe same systemin a singledomain


PassedCreate Healthpolicy in domainA and Exportit.Import thepolicy in theSecond DC andverify it.

Health Policy ona differentsystem in asingle domain


PassedCreate Healthpolicy in domainA and Exportit.Import it inDomain B, Editand reimport it.

Health Policyfrom differentdomains on thesame system


PassedCreate intrusionpolicy inDomainA.Export it andmake changes tothe intrusionpolicy. Import itand Verify.

Intrusion Policyon the samesystem in asingle domain




PassedCreate intrusionpolicy inDomainA.Export it andmake changes tothe intrusionpolicy. Import itin your SecondDC and thenreimport andVerify.

Intrusion Policyon a differentsystem in asingle domain


PassedCreate intrusionpolicy inDomainA.Export thepolicy.Import itin Domain Band verify it.

Intrusion Policyfrom differentdomains on thesame system


PassedCreate customtable in DomainA.Export thecustom tableEditand thenreimport andverify it.

Custom Tableon the samesystem in asingle domain


PassedCreate customtable in DomainA.Export thecustomtable.Import it inSecond DC,reimport andVerify it.

Custom Tableon a differentsystem in asingle domain


PassedCreate customworkflow inDomainA.Export thecustomworkflow.Importand Verify it.

CustomWorkflow onthe same systemin a singledomain


PassedCreate customtable in DomainA.Export thecustomtable.Import it inDomain B andedit, reimportand Verify it.

Custom Tablefrom differentdomains on thesame system




Japan

PassedCreate customworkflow inDomainA.Export thecustomworkflow.Importit in Second DCand edit,reimport andVerify it.

CustomWorkflow on adifferent systemin a singledomain


PassedCreate customworkflow inDomainA.Export thecustomworkflow.Importit in Domain Band edit,reimport andVerify it.

CustomWorkflow fromdifferentdomains on thesame system


PassedCreate widget inDomainA.Export thewidget.Importand Verify it

DashboardWidget on thesame system ina single domain


PassedCreate widget inDomainA.Export thewidget.Import itin Second DCand edit,reimport andVerify it.

DashboardWidget on adifferent systemin a singledomain


PassedCreate widget inDomainA.Export thewidget.Import itin Domain Band edit,reimport andVerify it.

DashboardWidget fromdifferentdomains on thesame system


PassedCreate user rolein DomainA.Export theuser role.Importand Verify it.

User Role on thesame system ina single domain




PassedCreate user rolein DomainA.Export theuser role.Importit in Second DCand edit,reimport andverify it.

User Role on adifferent systemin a singledomain


PassedCreate user rolein DomainA.Export theuser role.Importit in Domain Band edit,reimport andverify it.

User Role fromdifferentdomains on thesame system


PassedThis test willverify that thefireamp eventtype ThreatDetectedappears whenthe fireamp isconfigured aspart of theGlobal Domainonly and hostsin the networkmap are updatedaccordingly

Verify Global -Event TypeThreat Detected

Fire AMPNetwork Maps

FP-6.1-JP-176

PassedThis test willverify that thefireamp eventtype ThreatDetectedappears whenthe fireampcloud isconfigured aspart of theDomain onlyand hosts in thenetworkmap areupdatedaccordingly.

Verify FireAMPDomain - EventType ThreatDetected


FP-6.1-JP-177



Japan

PassedThis test willverify that thefireamp eventtype ThreatDetectedappears whenthe fireampcloud isconfigured aspart of the SubDomain onlyand hosts in thenetworkmap areupdatedaccordingly.

Verify FireAMP- Sub Domain -Event TypeThreat Detected


FP-6.1-JP-178


Verify FireAMP- Sub Domain -Event TypeThreat Detectedand update inNetwork map


FP-6.1-JP-179


Verify FireAMP- Sub Domain -Event TypeThreat Detectedandvulnerabilitydetails withupdate innetwork maps


FP-6.1-JP-180



PassedConfigure theFireAMP cloudon multiple subdomains andhosts in thenetworkmap areupdatedaccordingly

Verify theConfiguration ofsame Cloud onmultipleDomains


FP-6.1-JP-181

PassedThis will verifythat you canconfigure theFireAMP cloudon multiple subdomains andhosts in thenetworkmap areupdatedaccordingly

Verify theConfiguration ofsame Cloud onmultipleDomains


FP-6.1-JP-182

PassedDownloadingthe AC PolicyPDF Report

Creating an ACPolicy anddownload thePDF for thepolicy.

Policy PDFReport Drop

FP-6.1-JP-183

PassedDownloadingthe AC Policycreated withname inJapanesePDFReport

Creating an ACPolicy withJapanese Nameand downloadthe PDF for thepolicy.


FP-6.1-JP-184

PassedDownloadingthe IntrusionPolicy PDFReport

Creating anIntrusion Policywith JapaneseName anddownload thePDF for thepolicy


FP-6.1-JP-185

PassedLogging inbrings you to theASA CLI

Console andSSH loginshould be atASA CLI

CLI ACCESSFP-6.1-JP-186

PassedSnort commandshould beverified bydifferent traffic

show snort (withtraffic)




Japan

PassedIPV4 networkaddress shouldbe configuredmanually

CLI Access - SFCLI - Configure- network ipv4manual


PassedFirewall enginedebug commandshould be testedby differenttraffic

CLI Access - SFCLI - systemsupportfirewall-engine-debug


PassedCreate twoidentical ruleswith networksdefined. Ensurethe second rulehas awarning.Edit thefirst rule andadd a sourceport. Ensure thesecond rule doesnot have awarning.

Source Port inAC - RuleEditor -Warning Msg -For preemptedrule

NGFWLICENSING

FP-6.1-JP-190

PassedApply a policywhich haswarningsindicatinginvalid portcombinations.Theseinvalidcombinationsshould beomitted from theNGFW rulesfile.This testscenario isapplicable onlyfor Firepowerdevices.

Rule Editor -WarningMessage - whenonly Protectlicense isapplied tabsunder rule editorshould showwarning icons.

NGFWLICENSING

FP-6.1-JP-191

PassedThis test caseneeds to beexecuted in bothFirepower andNGFW device.

Source Port inAC - RuleEditor -Warningmessage forinvalid src portwhen policyapplied fromaccess controlpolicy list page

NGFWLICENSING

FP-6.1-JP-192



PassedAdd a device tothe DC Createtwo identicalPolicies and addrules.SelectLocal Object tothe parent Policyand deploy todevice. Ensurethe Policyoverride forhttp, intrusionand file policy.

Policy Overridefor http,Intrusion andFile policy

ZONESUPPORT

FP-6.1-JP-193

PassedAdd a device tothe DC Createtwo identicalPolicies and addrules.Select theoption Filter byDevice. Verifythe filterfunctionality.

Filter By Deviceon Access Rulestable

ZONESUPPORT

FP-6.1-JP-194

PassedDeployment ofaggregated ruleshould workfine. Trafficshould besuccessfullypassed.

Deployment ofAggregatedrules

ZONESUPPORT

FP-6.1-JP-195

PassedCreate a NewapplicationDetector

OpenAVC-TestingGeneral Layoutand Create newapplicationDetector

OPEN AVCFP-6.1-JP-196

PassedCreate NewapplicationDetector with noname

OpenAVC -Testing GeneralLayout andCreateapplicationDetector with noname


PassedCreate a NewapplicationDetector with noDescription

OpenAVC -Testing GeneralLayout andCreate a NewapplicationDetector with noDescription




Japan

PassedCreate a NewapplicationDetector with noApplicationProtocol isselected

OpenAVC –Testing GeneralLayout andCreate a NewapplicationDetector with noApplicationProtocol isselected


PassedCreate a Newapplicationdetector.DetectorDetects theDuplicate Nameand withapplicationprotocol: 9P.

OpenAVC -Testing GeneralLayout andCreate a NewapplicationDetector theDuplicate Name:


PassedTesting Generaland Create NewapplicationDetector: Editexist Name"OpenAVC100"to"OpenAVC777"

OpenAVC -Testing GeneralLayout andCreate NewapplicationDetector: Editexist Name


PassedCreate a NewapplicationDetector: Editexist descriptionfrom"OpenAVC isgood" to "OpenAVC issimilar toOpenAppID"

OpenAVC -Testing GeneralLayout andCreate NewapplicationDetector: Editexist description


PassedCreate a NewapplicationDetector andchange existapplicationprotocol todifferent

Create a NewapplicationDetector: changeexist applicationprotocol todifferent




PassedSimple importdetector: CreateView for"ApplicationEditor " Nameand Descriptionfield

OpenAVC -Testing userimport detector:Create View for"ApplicationEditor” Nameand Descriptionfield on SimpleDetector.


PassedCustom importdetector: CreateView for"ApplicationEditor " Nameand Descriptionfield

OpenAVC -Testing userimport detector:Create View for"ApplicationEditor " Nameand Descriptionfield on CustomDetector


PassedSimple importdetector: CreateView for"ApplicationEditor " forBusinessRelevance: asVery Low, Low,Medium andHigh Very

OpenAVC-Testing userimport detector:Create View for"ApplicationEditor " OnSimple Detectorfor BusinessRelevance


PassedCustom importdetector: CreateView for"ApplicationEditor " forBusinessRelevance: asVery Low, Low,Medium andHigh Very

OpenAVC-Testing UI anduser importdetector: CreateView for"ApplicationEditor " OnCustomDetector forBusinessRelevance


PassedSimple importdetector: CreateView for"ApplicationEditor "Categories

OpenAVC-Testing userimport detector:Create View for"ApplicationEditor "Categories onSimple Detector




Japan

PassedCustom importdetector: CreateView for"ApplicationEditor "Categories

OpenAVC-Testing userimport detector:Create View for"ApplicationEditor "Categories onCustomDetector:


PassedSimple importdetector: CreateView for"ApplicationEditor " Tags

OpenAVC-Testing userimport detector:Create View for"ApplicationEditor " Tags onSimple Detector


PassedCustom importdetector: CreateView for"ApplicationEditor " Tags

OpenAVC-Testing userimport detector:Create View for"ApplicationEditor " Tags onCustomDetector


PassedAdding thedevices in thedevicemanagement

Add the HADevice in theFTD.

Configuration /Set up of HA ofFirepowerThreat Defense

FP-6.1-JP-212

PassedTo add HighAvailability Pairverifying thereis havingenough devicesin the devicemanagement.

Check enoughdevices to addHighAvailability Pair


FP-6.1-JP-213

PassedIf there is nothaving enoughdevices, add onemore device inthe DeviceManagement

Check if thereare no enoughdevices, how toadd highAvailability.


FP-6.1-JP-214



PassedCheck if theHighAvailability canbe addedsuccessfully onDeviceManagement forFirepowerThreat Defense.

Create HighAvailability forFirepowerThreat Defense


FP-6.1-JP-215

PassedTo add HighAvailabilityPair, verifyingdevices arecompatible inthe devicemanagement.

Verifying thedevices arecompatible toadd HighAvailability Pair


FP-6.1-JP-216

PassedEnsure twodevices areavailable.If twodevices are notcompatiblemake thechanges wherewe needed andclicks continueto add HighAvailability.

Verify thatdevices are notcompatible, howto add Highavailability pair.


FP-6.1-JP-217

PassedCheck if theHighAvailability Paircan beconfiguredsuccessfully byLAN FailoverLink andStateful FailoverLink.

HighAvailability Pairconfigurationfor FirepowerThreat Defense


FP-6.1-JP-218

PassedCheck if theLAN Failoverand StatefulLink Interfacescannot beedited.

LAN Failoverlink/Stateful linkinterface cannotbe edited.


FP-6.1-JP-219

PassedCheck if theFailover LinkInterfacescannot bemonitored.

Failoverinterface cannotbe monitored.


FP-6.1-JP-220



Japan

PassedCheck if HighAvailability Pair- Bootstrapconfigurationdeploys Primaryand Secondarynodessuccessfully.

HighAvailability –Bootstrapconfiguration


FP-6.1-JP-221

PassedCheck ifInterfaceMonitoring canbeEnabled/Disabledfor HighAvailability.

Enable/DisableInterfaceMonitoring forHighAvailability


FP-6.1-JP-222

PassedVerifying theFailoversstatistics in theFTD HA

Verifying theFailoversstatistics in theFTD HA


FP-6.1-JP-223

PassedCheck ifFailover TriggerCriteria can beedited for HighAvailability.

HighAvailability –Failover TriggerCriteria


FP-6.1-JP-224

PassedCheck if theInterface MACAddresses canbe Added forActive andStandby HighAvailability.

ConfigureInterface MACAddress forActive andStandby HighAvailability.


FP-6.1-JP-225

PassedCheck if theFailoverStatistics list outthe statistics onHighAvailability.

FailoverStatistics onHighAvailability


FP-6.1-JP-226

PassedCheck ifFailover Historycan besuccessfullyviewed onSummary

Failover Historyon Summary


FP-6.1-JP-227



PassedCheck if Devicecan SwitchbetweenActive/Standbyon HighAvailabilityPair.

SwitchActive/Standbyon Devices


FP-6.1-JP-228

PassedCheck if HighAvailability canBreaksuccessfully onDevices

Break FirepowerThreat DefenseHighAvailabilityPair.


FP-6.1-JP-229

PassedCheck if Deleteoperation can beperformedsuccessfully onHighAvailabilityPair.

DeleteFirepowerThreat DefenseHighAvailabilityPair.


FP-6.1-JP-230

PassedCheck the snortflow byrebooting theActive device

Snort flowduring Activedevice down

Snort flowDuring Failover

FP-6.1-JP-231

PassedCheck the snortflow byrebooting theStandby device.

Snort flowduring Standbydevice down


FP-6.1-JP-232

PassedCheck the trafficflow duringActive UnitPhysicalinterface isdown.

Snort flowduring Activedevice physicalinterface down


FP-6.1-JP-233

PassedCheck the trafficflow duringStandby UnitPhysicalinterface isdown.

Snort flowduring Standbydevice physicalinterface down.


FP-6.1-JP-234

PassedCheck if theEvents tabshows trafficflow whenActive unit isdown

Verify Eventswhen Activeunit is down


FP-6.1-JP-235



Japan

PassedCheck if theEvents tabshows trafficflow whenActive unitphysicalinterface isdown.

Verify theEvents duringActive devicephysicalinterface down


FP-6.1-JP-236

PassedCheck if theEvents tabshows trafficflow whenStandby unitphysicalinterface isdown.

Verify theEvents duringStandby devicephysicalinterface down.


FP-6.1-JP-237

PassedCheck if theEvents tabshows trafficflow whenActive unit isdown.

Verify Eventswhen Standbyunit is down.


FP-6.1-JP-238

PassedCreate a rule inac policy, applyand kill the snortprocess 50%Snort processes


FP-6.1-JP-240

PassedCreate a rule inac policy, applyand kill the snortprocess. Andrestart the snortprocess.

Failover andFailback afterkilling Snort andrestarting onActive member


FP-6.1-JP-241

PassedHA pairrediscoveryfailure whenSnort is downon Secondarymember

HA pairrediscoveryfailure whenSnort is downon Secondarymember


FP-6.1-JP-242



PassedCreating HAPair and passingthe traffic flow.

HA creationwith datainterfaces asredundantinterfaces.

Operations forHA ofFirepowerThreat Defense

FP-6.1-JP-243

PassedCreating HAPair withport-channelinterface andpassing thetraffic flow.

HA creationwith datainterfaces asPort-channelinterfaces.


FP-6.1-JP-244

PassedCheck themessage forerror conditionduring breakoperation

Message forerror conditionduring breakoperation


FP-6.1-JP-245

PassedBreak the HAPair with somepolicies existingon it

Break with dirtypolicies


FP-6.1-JP-246

PassedSwitch over theHA Pair withsome policiesexisting on it

Switch withdirty policies


FP-6.1-JP-247

PassedBreak the HAPair and swapthe devices withnewly createdHA Pair

Break and HAcreation withswapping ofdevices forprimary/secondary


FP-6.1-JP-248

PassedBreak the HAPair and createHA Pair andforce break HApair.

Break and Forcebreak even ifHA pair is intact


FP-6.1-JP-249

PassedHAconfigurationsshould beremoved fromSnort after breakoperation.

HAconfigurationare removedfrom Snort afterbreak


FP-6.1-JP-250

PassedCreate a HAPair withdifferentinterfaces anddifferent modesin the FTD

HA creationwith differentinterfaces andmodes


FP-6.1-JP-251



Japan

PassedInitiate Memoryexhaustion inthe device andcheck the trafficflow.

Memoryexhaustion ofHA device


FP-6.1-JP-252

PassedCreate HA Pairwithtransparent/routedmode and checkthe traffic flow.

HA failoverduring hightraffic rate


FP-6.1-JP-253

PassedCreate HA Pairwithtransparent/routedmode and checkthe devices inmaintenancemode.

HA failoverduring hightraffic rate


FP-6.1-JP-254

PassedCreate HA Pairwithtransparent/routedmode and checkthe failovertrigger.

Check thenon-monitoredinterface cannottrigger failover


FP-6.1-JP-255

PassedCheck thecommand “showhigh availabilityconfig”

Check “Showhigh availabilityconfig” showsthe failoverstatistics.

CLI Operationsof HA ofFirepowerThreat Defense

FP-6.1-JP-256

PassedCheck thecommand“configurehigh-availabilitydisable” andverify its output

Check“configurehigh-availabilitydisable” willremove failoverconfiguration.


FP-6.1-JP-257

PassedCheck ifconfigurehigh-availabilitydisable[clear-interfaces]CLI commentworkssuccessfully.

Configurehigh-availabilitydisable[clear-interfaces]– CLI comment


FP-6.1-JP-258



PassedCheck ifconfigurehigh-availabilitydisable CLIcomment workssuccessfully.

Configurehigh-availabilitysuspend – CLIcomment


FP-6.1-JP-259

PassedVerifying“configurehigh-availabilitysuspend[clear-interfaces]”are temporarilydisable failoverconfiguration.

Verifying“configurehigh-availabilitysuspend[clear-interfaces]”are temporarilydisable failoverconfiguration.


FP-6.1-JP-260

PassedVerifying“configurehigh-availabilityresume” enableback failoverconfiguration ondevice whichwas suspendedby temporarily.

Verifying“configurehigh-availabilityresume” enableback failoverconfiguration ondevice whichwas suspendedby temporarily.


FP-6.1-JP-261

PassedVerify theupgradationProcess

Verify theUpgradation ofthe FTD HAPair.

Upgrading FTDin HA

FP-6.1-JP-262

PassedCheck theInstallation ofFTD HA PairUpdates.

InstallingUpdates forFTD HA Pair

Upgrading FTDin HA

FP-6.1-JP-263

PassedVerifyUploading theFTD HA PairUpdates.

UploadingUpdates forFTD HA Pair

Upgrading FTDin HA

FP-6.1-JP-264

PassedUploading theFTD HA PairUpdates statusverification.

Statusverification afterUploading theUpdates forFTD HA Pair

Upgrading FTDin HA

FP-6.1-JP-265

PassedVerifydiagnostic clisub options fortroubleshooting

Diagnostic clisub options fortroubleshooting

TroubleshootingHA ofFirepowerThreat Defense

FP-6.1-JP-266



Japan

PassedConfigureFailover andverify its output

Failover statecommandshould beanalyzed


FP-6.1-JP-267

PassedConfigureFailover andverify itsHistory.

Failover historyshould beanalyzed


FP-6.1-JP-268

PassedConfigureFailover andverify itspossible statechange reasons.

State ChangeReasons


FP-6.1-JP-269

PassedConfigureFailover andverify itsOutput.

show failoverstatisticscommandshould beanalyzed


FP-6.1-JP-270

PassedConfigureFailover andverify its Outputin the interfaces.

Show failoverinterfacescommandshould beanalyzed


FP-6.1-JP-271

PassedConfigureFailover andverify its Outputin the interfaces.

Show failoverinterfacescommandshould beanalyzed


FP-6.1-JP-272

PassedConfigureFailover andverify the clicommand.

Show failovercommandshould beanalyzed


FP-6.1-JP-273

PassedConfigureFailover, verifythe clicommand, andverify theInterface statesfor the Failover.

Failoverinterface Statesshould beanalyzed


FP-6.1-JP-274

PassedVerify theupgradationProcess

Enable FTD-HAsmart license fora registered HApair from SmartLicensing pageafter creatingFTD-HA pair.

Licensing HAFP-6.1-JP-275



PassedFTD-HA pairwith Primaryand Secondaryhaving differentStandaloneSmart Licenses.

Create FTD-HApair withPrimary andSecondaryhaving differentStandaloneSmart Licenses.


PassedSmart Licenseinformation ispersistent overFailover.

FTD-HA SmartLicenseinformation ispersistent overFailover.


PassedVerify theProcess ofFTD-HA SmartLicenseinformation ispersistent overFailover andFallback

FTD-HA SmartLicenseinformation ispersistent overFailover andFallback


PassedVerify theprocess ofFTD-HA SmartLicenseinformation ispersistent afterreboot.

FTD-HA SmartLicenseinformation ispersistent afterreboot.


PassedFTD-HAlicenses arereturned tosmart Cloud.

Delete FTD-HApair and verifythat FTD-HAlicenses arereturned tosmart Cloud.


PassedDelete FTD-HApair

Delete FTD-HApair and verifythat FTDstandalonedevice getsoriginalLicenses back




Japan

PassedFTD-HAlicenses arereturned tosmart Cloud.

Delete FTD-HApair afterswitchover andverify thatFTD-HAlicenses arereturned tosmart Cloud.


PassedStand-alonelicense to aFTD-HA pair.

Applystand-alonelicense to aFTD-HA pair.


PassedFTD-HA licenseto a stand-aloneFTD device

Apply FTD-HAlicense to astand-alone FTDdevice.


PassedThis test willverify the list ofIPv4/ IPv6addressesmanually

Verify the Geolookup- enterlist of IPv4/IPv6 addressesmanually

User-requestedGeolocationlookup for IPs

FP-6.1-JP-285

PassedThis test willverify the list ofvalid and invalidIPv4/ IPv6addressesmanually

Verify the Geolookup- enterthe list of validand invalidIPv4/ IPv6addressesmanually


FP-6.1-JP-286

PassedThis test willverify theNumeric,Characters &Alphanumericas Input

Verify the Geolookup-Numeric,Characters &Alphanumeric


FP-6.1-JP-287

PassedThis test willverify theWrong format ofIPv4/IPv6 asInput

Verify the Geolookup- Wrongformat ofIPv4/IPv6


FP-6.1-JP-288

PassedThis test willverify the BothIPv4 & IPv6 asgive inputalternatively.

Verify the Geolookup- BothIPv4 & IPv6 asgive inputalternatively


FP-6.1-JP-289



PassedThis test willverify theIPv4/IPv6multicastaddress as input

Verify the Geolookup-IPv4/IPv6multicastaddress


FP-6.1-JP-290

PassedThis test willverify theIPv4/IPv6 linklocal address asinput

Verify the Geolookup-IPv4/IPv6 linklocal address


FP-6.1-JP-291

PassedThis test willverify theIPv4/IPv6Loopbackaddress as input

Verify the Geolookup-IPv4/IPv6Loopbackaddress


FP-6.1-JP-292

PassedThis test willverify the IPv6Unique localaddress as input

Verify the Geolookup- IPv6Unique localaddress


FP-6.1-JP-293

PassedThis test willverify the IPv6documentationPrefix address asinput

Verify the Geolookup- IPv6documentationPrefix address


FP-6.1-JP-294

PassedThis test willverify the IPv6site localaddress as input

Verify the Geolookup- IPv6site localaddress


FP-6.1-JP-295

PassedThis test willverify more thanmax supported250 address asinput

Verify the Geolookup- Morethan maxsupported 250address


FP-6.1-JP-296

PassedThis test willverify able tocopy and Pastethe list of IPv4list manually.

Verify the Geolookup- Copyand Paste the listof IPv4 addressmanually.


FP-6.1-JP-297

PassedThis test willverify it throwserror for the badstrings enteredin text box.

Verify the Geolookup- ThrowsError for BadStrings.


FP-6.1-JP-298



Japan

PassedThis test willverify the sortbased oncountry name,code andcontinent.

Verify the Geolookup- Sortbased oncountry name,code andcontinent


FP-6.1-JP-299

PassedCheck if theentering stringson input fieldshows propererror message

Strings onwhoislookup field

User-requestedWhois Lookup

FP-6.1-JP-300

PassedCheck if theIPv4 addresssearch on whoisshowsappropriateresult.

Search IPv4address onwhois field


FP-6.1-JP-301

PassedCheck if theIPv6 addresssearch on whoisshowsappropriateresult.

Search IPv6Address onwhois field


FP-6.1-JP-302

PassedCheck if theinvalid IPv4address searchon whois showsappropriateerror.

Search invalidIPv4Address onwhois field


FP-6.1-JP-303

PassedCheck if theinvalid IPv6address searchon whois showsappropriateerror.

Search invalidIPv6Address onwhois field


FP-6.1-JP-304

PassedCheck if theoutput of whoisfield search canbe copy andpasted on Localmachine.

Copy/Pasteoutput of whoisfield search tolocal machine


FP-6.1-JP-305



PassedCheck if theIPv4 or IPv6address fromlocal machinecan be copy andpaste to whoisfield

Copy/Paste IPv4or IPv6 addressfrom localmachine towhois field


FP-6.1-JP-306

PassedCheck if theIPv4 or IPv6address searchresult byswitching HighAvailabilitymode on FMC

IPv4 or IPv6address searchby switchingHighAvailabilitymode


FP-6.1-JP-307

PassedVerify the threereports arepresent withonly “Generate”option

AdvancedMalware,Attacks &Networks RiskReport

Integrated RiskReports

FP-6.1-JP-308

PassedVerify the EachRisk Report areable to generateand all InputParameters areavailable

AdvancedMalware,Attacks &Networks areable to generate


FP-6.1-JP-309

PassedVerify the Eachrisk report areable to view,download anddeletesuccessfully.

Each RiskReport-View,download andDelete


FP-6.1-JP-310

PassedVerify theAdvancedMalware RiskReport are ableto Generate inReportTemplates Tab

Able toGenerateAdvancedMalware RiskReport


FP-6.1-JP-311

PassedVerify the Title,Date & CoverPage haveaccurateinformation ofAdvancedMalware RiskReport.

Title, Date &Cover Page ofAdvancedMalware RiskReport


FP-6.1-JP-312



Japan

PassedVerify the eachsection andwidget areavailable inAdvancedMalware RiskReport.

AdvancedMalware RiskReports-Sections& Widgets


FP-6.1-JP-313

PassedVerify theExecutiveSummarySection have thesix widgetscorrectly.

AdvancedMalware RiskReport-ExecutiveSummarySection.


FP-6.1-JP-314

PassedVerifying theMalware ProfileFlow Diagramcounts aredisplayedcorrectly.

AdvancedMalware RiskReport-FlowDiagram


FP-6.1-JP-315

PassedVerifying theRecommendationsSections aredisplayedCorrectly.

AdvancedMalware RiskReport-Recommendations.


FP-6.1-JP-316

PassedVerifying theAbout cisco andContact us aredisplayedcorrectly

AdvancedMalware RiskReport-AboutCisco andContact Us


FP-6.1-JP-317

PassedVerify theAttacks RiskReport are ableto Generate inReportTemplates Tab

Able toGenerateAttacks RiskReport


FP-6.1-JP-318

PassedThis test willVerify the Title,Date & CoverPage haveaccurateinformation ofAttacks RiskReport.

Title, Date &Cover Page ofAttacks RiskReport


FP-6.1-JP-319



PassedThis test willverify the eachsection andwidget areavailable inAttacks RiskReport.

Attacks RiskReports-Sections& Widgets


FP-6.1-JP-320

PassedThis test willverify theExecutiveSummarySection have thesix widgetscorrectly.

Attacks RiskReport-ExecutiveSummarySection.


FP-6.1-JP-321

PassedThis test willverify theRecommendationsSections aredisplayedCorrectly.

Attacks RiskReport-Recommendations.


FP-6.1-JP-322

PassedThis test willverify the Aboutcisco andContact us aredisplayedcorrectly

Attacks RiskReport-AboutCisco andContact Us


FP-6.1-JP-323

PassedThis test willverify theNetworks RiskReport are ableto Generate inReportTemplates Tab

Able toGenerateNetworks RiskReport


FP-6.1-JP-324

PassedThis test willverify the Title,Date & CoverPage haveaccurateinformation ofNetworks RiskReport.

Title, Date &Cover Page ofNetworks RiskReport


FP-6.1-JP-325



Japan

PassedThis test willverify the eachsection andwidget areavailable inNetworks RiskReport.

Networks RiskReports-Sections& Widgets


FP-6.1-JP-326

PassedThis test willverify theExecutiveSummarySection have thesix widgetscorrectly.

Networks RiskReport-ExecutiveSummarySection.


FP-6.1-JP-327

PassedThis test willverify theRecommendationsSections aredisplayedCorrectly.

Networks RiskReport-Recomme

test results for cisco firepower 6.1.0 for japan · dns domainnamesystem dos denialofservice. eobc...

Documents