Cisco Cisco Firepower Management Center 4000 Installationsanleitung

For passive deployments, create monitor (tap) circuits to ensure that a copy of the network traffic is 
sent to the VAP group for analysis. 

For inline deployments, create template (bridge) circuits and child circuits to provide logical 
connections through a VAP group and between network interfaces.

For more information on configuring and associating X-Series circuits for use in a Cisco NGIPS for Blue 
Coat X-Series installation, see 

, 

Cisco NGIPS for Blue Coat X-Series uses Virtual Appliance Processors (VAPs) and VAP groups hosted 
on Application Processor Modules (APMs) on blades of the X-Series platform, as described below:

The X-Series platform can host one or more blades (APMs).

Each APM can host one VAP. 

Each VAP can run one installation of Cisco NGIPS for Blue Coat X-Series. 

Each VAP functions like a managed device in the FireSIGHT System, and appears on its managing 
Defense Center as a device.

A VAP group is a combination of VAPs, similar to physical device clustering, configured through 
the X-Series command line interface (CLI).

When you install Cisco NGIPS for Blue Coat X-Series on a VAP, the name you give to the VAP appears 
on the Defense Center web interface as the name of the device. 

In the following diagram, three APMs (

APM1

, 

APM2

, and 

APM3

) each host one installation of Cisco NGIPS 

for Blue Coat X-Series on each VAP (

VAP1

, 

VAP2

, and 

VAP3

). These three APMs are configured as a single 

VAP group (

Cisco NGIPS for Blue Coat X-Series VAP Group

). In the Defense Center web interface, 

each VAP appears as a separate software device that you must add and configure individually.

If you use a device group on the FireSIGHT System, you can create a VAP group that parallels the 
structure of the device group. Use the same or similar names for VAP groups and their corresponding 
device groups to make management easier.