Cisco Cisco Firepower 4110 Security Appliance Installationsanleitung
1
Cisco Systems, Inc.
www.cisco.com
Cisco Firepower Threat Defense for
Firepower 4100 Quick Start Guide
Firepower 4100 Quick Start Guide
First Published:
March 10, 2016
1. About Firepower Threat Defense Security Services
The Cisco Firepower 4100 security appliance is a standalone security services platform for network and content
security solutions that can run the Firepower Threat Defense application.
security solutions that can run the Firepower Threat Defense application.
You can deploy the Firepower 4100 in a data center using Firepower Threat Defense to provide next-generation
firewall services, including stateful firewalling, routing, Next-Generation Intrusion Prevention System (NGIPS),
Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP). You can use a
Threat Defense device in single context mode, and in routed or transparent mode.
firewall services, including stateful firewalling, routing, Next-Generation Intrusion Prevention System (NGIPS),
Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP). You can use a
Threat Defense device in single context mode, and in routed or transparent mode.
How Firepower Threat Defense Works with the Firepower 4100
The Firepower 4100 security appliance runs its own operating system on the supervisor called the Firepower
eXtensible Operating System (FXOS). The Firepower Chassis Manager provides simple, GUI-based management
capabilities. You can configure hardware interface settings, smart licensing, and other basic operating parameters
on the supervisor using the Firepower Chassis Manager web interface or CLI.
eXtensible Operating System (FXOS). The Firepower Chassis Manager provides simple, GUI-based management
capabilities. You can configure hardware interface settings, smart licensing, and other basic operating parameters
on the supervisor using the Firepower Chassis Manager web interface or CLI.
All physical interface operations are owned by the supervisor, including establishing external EtherChannels. You
can assign interfaces to a logical device running Firepower Threat Defense. Three types of interfaces are
supported: Data, Management, and Firepower Eventing. The Firepower Eventing interface is dedicated to carrying
only event traffic. You can assign interfaces to the Firepower 4100 with Firepower Threat Defense either at the time
of deployment or later as needed. These interfaces use the same IDs in the supervisor as in the Firepower 4100
with Firepower Threat Defense configuration.
can assign interfaces to a logical device running Firepower Threat Defense. Three types of interfaces are
supported: Data, Management, and Firepower Eventing. The Firepower Eventing interface is dedicated to carrying
only event traffic. You can assign interfaces to the Firepower 4100 with Firepower Threat Defense either at the time
of deployment or later as needed. These interfaces use the same IDs in the supervisor as in the Firepower 4100
with Firepower Threat Defense configuration.
When you deploy the Firepower 4100 with Firepower Threat Defense, the supervisor downloads an application
image of your choice, and establishes a default configuration. You can only deploy the Firepower 4100 with
Firepower Threat Defense as a standalone logical device; clustering is not supported.
image of your choice, and establishes a default configuration. You can only deploy the Firepower 4100 with
Firepower Threat Defense as a standalone logical device; clustering is not supported.
Firepower Management Center Support and CLI Access
When you deploy the Firepower 4100 with Firepower Threat Defense, you specify a management interface and
registration information for the managing Firepower Management Center to allow for Firepower Management
Center access. You register Firepower Threat Defense devices as you would any managed device, and you can do
policy configuration and deployment.
registration information for the managing Firepower Management Center to allow for Firepower Management
Center access. You register Firepower Threat Defense devices as you would any managed device, and you can do
policy configuration and deployment.
You can also access the Firepower Threat Defense CLI from the Firepower 4100 supervisor CLI using an internal
Telnet connection. From within the Firepower 4100 security appliance, you can later configure SSH or Telnet
access over any of its management or data interfaces; see
Telnet connection. From within the Firepower 4100 security appliance, you can later configure SSH or Telnet
access over any of its management or data interfaces; see