Cisco Cisco Firepower Management Center 2000
3
FireSIGHT System Release Notes
Version 5.3.1.1
Features and Functionality Added in Previous Releases
Feature Limitations of Cisco ASA with FirePOWER Services
When you use a Defense Center to manage Cisco ASA with FirePOWER Services devices, the ASA
FirePOWER module provides the first-line system policy and passes traffic to the FireSIGHT System
for access control, intrusion detection and prevention, discovery, and advanced malware protection.
FirePOWER module provides the first-line system policy and passes traffic to the FireSIGHT System
for access control, intrusion detection and prevention, discovery, and advanced malware protection.
Regardless of the licenses installed and applied, ASA FirePOWER devices do not support any of the
following features through the FireSIGHT System:
following features through the FireSIGHT System:
•
ASA FirePOWER devices do not support the FireSIGHT System’s hardware-based features,
including clustering, stacking, switching, routing, virtual private networks (VPN), and network
address translation (NAT).
including clustering, stacking, switching, routing, virtual private networks (VPN), and network
address translation (NAT).
Note
The ASA platform provides these features, configured using the ASA command line interface (CLI) and
Adaptive Security Device Manager (ASDM). For more information, see the ASA FirePOWER module
documentation.
Adaptive Security Device Manager (ASDM). For more information, see the ASA FirePOWER module
documentation.
•
You cannot use the Defense Center web interface to configure ASA FirePOWER interfaces.
•
You cannot use the Defense Center to shut down, restart, or otherwise manage ASA FirePOWER
processes.
processes.
•
You cannot use the Defense Center to create backups from or restore backups to ASA FirePOWER
devices.
devices.
•
You cannot write access control rules to match traffic using VLAN tag conditions.
The ASA FirePOWER device does not have a FireSIGHT web interface. However, it has software and
a CLI specific to the ASA platform. You use these ASA-specific tools to install the system and to
perform other platform-specific administrative tasks. For more information, see the ASA FirePOWER
module documentation.
a CLI specific to the ASA platform. You use these ASA-specific tools to install the system and to
perform other platform-specific administrative tasks. For more information, see the ASA FirePOWER
module documentation.
Note that if you edit an ASA FirePOWER device and switch from multiple context mode to single
context mode (or vise versa), the device renames all of its interfaces. You must reconfigure all
FireSIGHT System security zones, correlation rules, and related configuration to use the updated
ASA FirePOWER interface names.
context mode (or vise versa), the device renames all of its interfaces. You must reconfigure all
FireSIGHT System security zones, correlation rules, and related configuration to use the updated
ASA FirePOWER interface names.
Note
The Defense Center does not display ASA interfaces when the ASA FirePOWER device is deployed in
SPAN port mode.
SPAN port mode.
Terminology
Version 5.3.1 introduces the ability to manage Cisco ASA with FirePOWER Services using FireSIGHT
Defense Centers. If you reference documentation for Version 5.3 or Version 5.3.0.1, you may notice the
terminology differs from the documentation for Version 5.3.1.
Defense Centers. If you reference documentation for Version 5.3 or Version 5.3.0.1, you may notice the
terminology differs from the documentation for Version 5.3.1.
Table 1
Changes to Terminology
Version 5.3.1 Terminology
Description
Cisco
Formerly Sourcefire
FireSIGHT System
Formerly Sourcefire 3D System