Cisco Cisco Firepower Management Center 2000
4
FireSIGHT System Release Notes
New Features and Functionality
policies, advanced malware protection, application control, user and group control, file control, and URL filtering and then apply those
configurations to multiple ASA5506-X devices all at once. In addition, Defense Centers provide critical dashboards, event views, alerting
capabilities, and reporting from all of your ASA FirePOWER devices in a single view.
configurations to multiple ASA5506-X devices all at once. In addition, Defense Centers provide critical dashboards, event views, alerting
capabilities, and reporting from all of your ASA FirePOWER devices in a single view.
Direct Management of Cisco ASA5506-X with FirePOWER Services
Cisco’s Adaptive Security Device Manager (ASDM) can be used to perform the same ASA FirePOWER management functions listed
above, but only on one ASA5506-X device at a time. In addition, you can manage system policies, licensing, and back up and restore
directly.
above, but only on one ASA5506-X device at a time. In addition, you can manage system policies, licensing, and back up and restore
directly.
Management Limitations of Cisco ASA with FirePOWER Services
At the current time, the Cisco ASA FirePOWER product consists of two different products tightly integrated with each other: the ASA
Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data sharing between the two has
been accomplished, a unified management platform is still in development.
Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data sharing between the two has
been accomplished, a unified management platform is still in development.
For this reason, the Cisco ASA functionality is currently managed through the Cisco Security Manager (CSM) or the Adaptive Security
Device Manager (ASDM), and the FirePOWER Services functionality is managed through the Cisco Defense Center. As a result, the
Defense Center does not support any of the following capabilities:
Device Manager (ASDM), and the FirePOWER Services functionality is managed through the Cisco Defense Center. As a result, the
Defense Center does not support any of the following capabilities:
Cisco ASA hardware-based features, including clustering, stacking, switching, routing, virtual private networks (VPN), and network
address translation (NAT).
address translation (NAT).
Configuring ASA interfaces. In addition, when FirePOWER Services are deployed in SPAN port mode, any ASA interfaces that have
been configured will not be displayed.
been configured will not be displayed.
Shutting down, restarting or otherwise managing ASA processes.
Creating or restoring backups from ASA devices.
Writing access control rules to match traffic using VLAN tag conditions.
Note:
The ASA platform provides these features, configured using the ASA command line interface (CLI) and ASDM. For more
information, see the ASA FirePOWER module documentation.
Platform Enhancements
VMware Tool Support
You can now use VMware Tools with FireSIGHT System virtual appliances. This enhances compatibility with the VMware environment
and improves management of virtual devices by enabling soft power down, migration, and other virtual specific capabilities. VMware tools
are supported on:
and improves management of virtual devices by enabling soft power down, migration, and other virtual specific capabilities. VMware tools
are supported on:
64-bit Virtual Defense Center
64-bit Virtual managed device
Note:
As of Version 5.4 of the FireSIGHT System, the system supports ESXi version 5.0, 5.1, and 5.5.
Support for VMXNET3 Interfaces in VMware Virtual Appliances
VMXNET3 interface types are now supported on virtual devices. This allows you to use high-speed network interfaces, up to 10Gbits/s.
Multiple Management Interfaces
You can now use multiple management interface ports on Series 3 Defense Centers, FirePOWER (Series 3) managed devices, and virtual
Defense Centers. You can set one interface for management traffic and another interface for event traffic. This improves deployment options
in some environments.
Defense Centers. You can set one interface for management traffic and another interface for event traffic. This improves deployment options
in some environments.
Series 3 Support
Version 5.4 introduces the 3D7050 as a 70xx Family device with a dual core quad thread processor, 8GB of RAM, and a 80GB hard drive.