Cisco Cisco Firepower Management Center 2000
1
Firepower System Release Notes
Terminology and Documentation
In previous releases, you configured NAT for Firepower Threat Defense on a per-device basis. For Version 6.1, Firepower Threat Defense NAT
is a policy-based feature, which means you can share one NAT configuration among multiple devices. The update process automatically
converts your per-device NAT settings to NAT policies, applied to the appropriate devices. After the update, you can edit and consolidate these
policies by choosing Devices > NAT. (143836/CSCze94100)
is a policy-based feature, which means you can share one NAT configuration among multiple devices. The update process automatically
converts your per-device NAT settings to NAT policies, applied to the appropriate devices. After the update, you can edit and consolidate these
policies by choosing Devices > NAT. (143836/CSCze94100)
This release introduces Interface Groups, which are similar to Security Zones, except that an interface can belong to multiple interface groups
(and also to one security zone.) Interface groups are supported only in Firepower Threat Defense NAT policies, QoS policies, and prefilter
policies. As part of this change, the menu path Object Management > Security Zone has changed to Object Management > Interface.
(and also to one security zone.) Interface groups are supported only in Firepower Threat Defense NAT policies, QoS policies, and prefilter
policies. As part of this change, the menu path Object Management > Security Zone has changed to Object Management > Interface.
Prefiltering is supported on Firepower Threat Defense devices only. Prefilter policies deployed to Classic devices (7000 and 8000 Series,
NGIPSv, ASA FirePOWER) have no effect. You can safely ignore the message that appears when you deploy to Classic devices.
NGIPSv, ASA FirePOWER) have no effect. You can safely ignore the message that appears when you deploy to Classic devices.
FTP Normalization is automatically enabled when you deploy a file policy in Version 6.1, even if inline normalization is disabled in a network
analysis policy.CSCva20916
analysis policy.CSCva20916
Threatgrid file analysis scores are no longer reported in the syslog.(CSCuy08395
If you deploy an intrusion policy with Drop when Inline enabled, intrusion events that use the detection_filter keyword and are set to drop
and generate now display Dropped instead of Would be dropped. (CSCuy65203)
and generate now display Dropped instead of Would be dropped. (CSCuy65203)
Deprecated Functionality
The following features have deprecated functionality in Version 6.1.0:
The system no longer supports connections to Microsoft Windows 2003 servers.
Version 6.1 removes external database access to the sru_import_log table.
The External Authentication option on the Platform Settings page (Devices > Platform Settings) is not available on Firepower Threat
Defense devices running Version 6.1.0. However, you can now use SSH on Management and data interfaces using the same login credentials.
For SSH to data interfaces, you must now use local usernames instead of an external AAA server username. Local users can only be configured
at the CLI using the configure user add command. By default, there is an admin user for which you configured the password during initial setup.
Defense devices running Version 6.1.0. However, you can now use SSH on Management and data interfaces using the same login credentials.
For SSH to data interfaces, you must now use local usernames instead of an external AAA server username. Local users can only be configured
at the CLI using the configure user add command. By default, there is an admin user for which you configured the password during initial setup.
Terminology and Documentation
The terminology and branding used in Version 6.1.0 may differ from the terminology used in previous releases, as summarized in the following
table. For more information about terminology and branding changes, see the
table. For more information about terminology and branding changes, see the