Cisco Cisco Firepower Management Center 4000
Version 5.2.0.7
Sourcefire 3D System Release Notes
38
Features Introduced in Previous Versions
File trajectory information provides standard information about the file (the file
name, type, disposition, actions taken by the system, and so on) as well as when
it was first and last seen, the number of hosts associated with the file, and the
name of any associated threats. The trajectory of a file through your network is
illustrated in visual form on the File Trajectory page. You can access the File
Trajectory page directly (Analysis > Files > Network File Trajectory) or from the
Context Explorer, dashboard, or event views of connection, file, or malware
events.
You can view network file trajectories on any file where a malware cloud lookup
You can view network file trajectories on any file where a malware cloud lookup
occurred using AMP or on any file detected or quarantined by FireAMP,
Sourcefire’s endpoint-based advanced malware analysis and protection solution.
Next-Generation Firewall (NGFW)
Several new device management features were added in Version 5.2: high
availability state sharing, gateway VPN configuration, policy-based configuration
of network address translation (NAT), and clustered stacking.
Clustered State Sharing
The clustered state sharing feature, also referred to as high availability (HA) state
sharing, allows clustered devices or clustered stacks to synchronize their states
so that, if either device or stack in the cluster fails, the other peer can take over
with no interruption to traffic flow. This provides improved failover capability for
strict TCP enforcement, unidirectional access control rules, and blocking
persistence. Clustered state sharing is supported for VPN and NAT
configurations.
With state sharing, devices in the cluster allow TCP sessions to continue after
With state sharing, devices in the cluster allow TCP sessions to continue after
failover without having to reevaluate the connection against your access control
rules, even if strict TCP enforcement is enabled.
State sharing also allows the system to transfer the status of allowed connections
State sharing also allows the system to transfer the status of allowed connections
matching unidirectional access control rules during failover. Without state sharing,
if an allowed connection is still active following a failover and the next packet is
seen as a response packet, the system denies the connection. With state
sharing, a midstream pickup matches the existing connection and the connection
continues to be allowed.
Another advantage of state sharing is that while many connections are blocked on
Another advantage of state sharing is that while many connections are blocked on
the first packet based on access control rules or other factors, there are cases
where the system allows some number of packets through before determining
that the connection should be blocked. With state sharing, the system
immediately blocks the connection on the peer device or stack as well.
You can enable state sharing on clustered Series 3 managed devices with a
You can enable state sharing on clustered Series 3 managed devices with a
Control license enabled.
Gateway VPN
You can now configure the Sourcefire 3D System to build secure Virtual Private
Network (VPN) tunnels between virtual routers on Sourcefire managed devices
and a remote device. After the VPN connection is established, the hosts behind