Cisco Cisco Firepower Management Center 2000
5
FireSIGHT System Release Notes
New Features and Functionality
Support for VMXNET3 Interfaces in VMware Virtual Appliances
VMXNET3 interface types are now supported on virtual devices. This allows you to use high-speed network interfaces,
up to 10Gbits/s.
up to 10Gbits/s.
Multiple Management Interfaces
You can now use multiple management interface ports on Series 3 Defense Centers, FirePOWER (Series 3) managed
devices, and virtual Defense Centers. You can set one interface for management traffic and another interface for event
traffic. This improves deployment options in some environments.
devices, and virtual Defense Centers. You can set one interface for management traffic and another interface for event
traffic. This improves deployment options in some environments.
Series 3 Support
Version 5.4 introduces the 3D7050 as a 70xx Family device with a dual core quad thread processor, 8GB of RAM, and a
80GB hard drive.
80GB hard drive.
LACP Support
FirePOWER (Series 3) devices are now able to take part in Link Aggregation Control Protocol (LACP) (IEEE 802.3ad)
negotiation to aggregate multiple links together into one. This allows both link redundancy and bandwidth sharing.
negotiation to aggregate multiple links together into one. This allows both link redundancy and bandwidth sharing.
Defense Center 2000 (DC2000)
The DC2000 is a new Defense Center appliance platform that offers double the performance and capacity of the
DC1500.
DC1500.
Defense Center 4000 (DC4000)
The DC4000 is a new Defense Center appliance platform that offers double the performance and capacity of the
DC3500.
DC3500.
International Compatibility Enhancements
Unicode Support
The system now displays the names of files detected through file detection, malware detection, and FireAMP file events.
This allows the display of non-Western characters, including those that are double-byte encoded.
This allows the display of non-Western characters, including those that are double-byte encoded.
Geolocation and Security Intelligence Data in Correlation Rules
The correlation rules engine has been updated to make connection, geolocation, and Security Intelligence data available.
This allows you to generate correlated events or take correlated actions based on these two new constraints. For
example, if an Impact 1 intrusion event is detected from a specific country, you can set up an alert to log that information
to an external syslog server.
This allows you to generate correlated events or take correlated actions based on these two new constraints. For
example, if an Impact 1 intrusion event is detected from a specific country, you can set up an alert to log that information
to an external syslog server.
Support for Private FireAMP Cloud
With Version 5.4, you can use a private FireAMP cloud rather than the Cisco public cloud. This requires installation of a
private cloud virtual appliance. The private cloud mediates interactions with the public cloud so you can gather collected
threat information from the public cloud without exposing information from your network.
private cloud virtual appliance. The private cloud mediates interactions with the public cloud so you can gather collected
threat information from the public cloud without exposing information from your network.
The following features and functionality were updated in Version 5.4:
Detection and Security Enhancements
Integrated SSL Decryption
FirePOWER (Series 3) devices can now identify SSL communications and decrypt the traffic before applying attack,
application, and malware detection. You can use SSL decryption in any of the supported Series 3 device deployment
modes, including inline and passive. SSL policies control characteristics of SSL in use within the enterprise, with SSL
rules to exert granular control over encrypted traffic logging and handling.
application, and malware detection. You can use SSL decryption in any of the supported Series 3 device deployment
modes, including inline and passive. SSL policies control characteristics of SSL in use within the enterprise, with SSL
rules to exert granular control over encrypted traffic logging and handling.