Cisco Cisco Firepower Management Center 4000
Version 5.2.0.7
Sourcefire 3D System Release Notes
42
Features Introduced in Previous Versions
Hosts on your monitored network may now have multiple associated IP
addresses (both IPv4 and IPv6). Most parts of the system coordinate data for
each of a host's IP addresses to give a full picture of the host's activity and to
allow you to take action against an entire host easily.
Sourcefire User Agent Logoff Detection
User Agents monitor users as they log into the network or when accounts
authenticate against Active Directory credentials for other reasons and maps
users to host IP addresses, to support user access control.
Version 2.1 of the Sourcefire User Agent also now detects logoffs of active
Version 2.1 of the Sourcefire User Agent also now detects logoffs of active
directory users. When the agent checks a host and discovers that the expected
user is no longer logged in, the agent generates a logoff for that user. When the
Defense Center receives the logoff, it unmaps the user from the previously
associated IP address.
Access Control
Version 5.2 also adds new functionality in the access control policy: support for
source ports and ICMP types and codes in port conditions in access control rules
and support for blocking encrypted application traffic using either application
conditions or URL conditions.
Source Ports in Access Control Rules
You can now specify source ports as a condition for access control rules; this
expands upon the existing capability to specify destination ports. The source
ports you specify must be TCP or UDP ports.
ICMP Types and Codes in Access Control Rules
You can now use Internet Control Message Protocol (ICMP) types and codes in
access control rules, correlation rules, and port objects. You can also now view
ICMP types and codes for all relevant events in the event viewer.
SSL Application Detection
Version 5.2 adds many new application detectors for applications in SSL traffic,
allowing you to identify, and optionally block, encrypted application sessions
based on the common name from the SSL client certificate used in the session.
URL Blocking based on SSL Common Name
You can now block encrypted application traffic using a URL based on the
common name in an SSL certificate.