Manualsbrain.com
  1. Handbücher
  2. Marken
  3. Cisco
  4. Cisco Firepower Management Center 4000

Cisco Cisco Firepower Management Center 4000

Download
Seite von 44
Version 5.2.0.7
Sourcefire 3D System Release Notes
42
Features Introduced in Previous Versions
Hosts on your monitored network may now have multiple associated IP 
addresses (both IPv4 and IPv6). Most parts of the system coordinate data for 
each of a host's IP addresses to give a full picture of the host's activity and to 
allow you to take action against an entire host easily.
Sourcefire User Agent Logoff Detection
User Agents monitor users as they log into the network or when accounts 
authenticate against Active Directory credentials for other reasons and maps 
users to host IP addresses, to support user access control. 
Version 2.1 of the Sourcefire User Agent also now detects logoffs of active 
directory users. When the agent checks a host and discovers that the expected 
user is no longer logged in, the agent generates a logoff for that user. When the 
Defense Center receives the logoff, it unmaps the user from the previously 
associated IP address. 
Access Control
Version 5.2 also adds new functionality in the access control policy: support for 
source ports and ICMP types and codes in port conditions in access control rules 
and support for blocking encrypted application traffic using either application 
conditions or URL conditions.
Source Ports in Access Control Rules 
You can now specify source ports as a condition for access control rules; this 
expands upon the existing capability to specify destination ports. The source 
ports you specify must be TCP or UDP ports.
ICMP Types and Codes in Access Control Rules 
You can now use Internet Control Message Protocol (ICMP) types and codes in 
access control rules, correlation rules, and port objects. You can also now view 
ICMP types and codes for all relevant events in the event viewer.
SSL Application Detection
Version 5.2 adds many new application detectors for applications in SSL traffic, 
allowing you to identify, and optionally block, encrypted application sessions 
based on the common name from the SSL client certificate used in the session. 
URL Blocking based on SSL Common Name
You can now block encrypted application traffic using a URL based on the 
common name in an SSL certificate.