Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
New Features and Functionality
8
Updated Documentation
To access the full documentation for the Firepower System, see the documentation roadmap at
. In Version 6.0.1.1, the
following documents were updated to reflect the addition of new features and changed functionality and to
address reported documentation issues:
address reported documentation issues:
Firepower Management Center Configuration Guide
Firepower Management Center Online Help
The documentation updated for Version 6.0.1.1 contains the following errors:
The Firepower Management Center Configuration Guide incorrectly states that Cisco does not recommend
enabling more than one non-SFRP IP address on a 7000 or 8000 Series device high availability pair's routed
or hybrid interface where one SFRP IP address is already configured. The system does not perform NAT if a
7000 or 8000 Series device high availability pair experience failover while in standby mode.
enabling more than one non-SFRP IP address on a 7000 or 8000 Series device high availability pair's routed
or hybrid interface where one SFRP IP address is already configured. The system does not perform NAT if a
7000 or 8000 Series device high availability pair experience failover while in standby mode.
The Firepower Management Center Configuration Guide does not reflect that in a multidomain deployment,
when you create a DNS policy, the Descendant Whitelists for DNS rule and Descendant Blacklists for DNS rule
are disabled by default. You can enable each rule by editing them.
when you create a DNS policy, the Descendant Whitelists for DNS rule and Descendant Blacklists for DNS rule
are disabled by default. You can enable each rule by editing them.
Note:
The online help content may differ from the Firepower Management Center Configuration Guide content.
The Firepower Management Center Configuration Guide content is updated more regularly than the online help.
Features and Changed Functionality Introduced in Previous Versions
Functionality described in previous versions may be superseded by other new functionality or updated through
resolved issues. The following features and functionality were introduced in previous versions:
resolved issues. The following features and functionality were introduced in previous versions:
Version 6.0.1
Fully Integrated, Threat-Focused Next-Generation Firewall
Most next-generation firewalls (NGFWs) focus heavily on enabling application control, but little on their threat
defense capabilities. To compensate, some NGFWs try to supplement their first-generation intrusion prevention
with a series of non-integrated add-on products. However, this approach does little to protect your business
against the risks posed by sophisticated attackers and advanced malware. Further, once you do get infected, they
offer no assistance in scoping the infection, containing it, and remediating quickly.
defense capabilities. To compensate, some NGFWs try to supplement their first-generation intrusion prevention
with a series of non-integrated add-on products. However, this approach does little to protect your business
against the risks posed by sophisticated attackers and advanced malware. Further, once you do get infected, they
offer no assistance in scoping the infection, containing it, and remediating quickly.
The Cisco Firepower™ Next-Generation Firewall (NGFW) is the industry’s first fully integrated, threat-focused
NGFW. It delivers comprehensive, unified policy management of firewall functions, application control, threat
prevention, and advanced malware protection from the network to the endpoint.
NGFW. It delivers comprehensive, unified policy management of firewall functions, application control, threat
prevention, and advanced malware protection from the network to the endpoint.
Firepower Threat Defense
The Firepower Threat Defense software package can be deployed on Cisco Firepower 4100 and 9300 appliances
to provide a performance and density optimized NGFW security platform for Internet edge and other
high-performance environments. Firepower Threat Defense functionality added in this release includes device and
interface management, routing, NAT, and device high availability, in addition to support for the full Firepower
NGIPS offering.
to provide a performance and density optimized NGFW security platform for Internet edge and other
high-performance environments. Firepower Threat Defense functionality added in this release includes device and
interface management, routing, NAT, and device high availability, in addition to support for the full Firepower
NGIPS offering.
This release introduces support for Firepower Threat Defense on the Firepower 4100 Series and the Firepower
9300, as well as on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X,
ASA 5516-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X.
9300, as well as on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X,
ASA 5516-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X.