Cisco Firepower Management Center 2000

E-2
FireSIGHT System User Guide
 
Appendix E      Security, Internet Access, and Communication Ports 
  Communication Ports Requirements
promote the secondary to Active as described in 
.
The following table describes the Internet access requirements of specific features of the FireSIGHT 
System.
Table E-1 FireSIGHT System Feature Internet Access Requirements

| Feature | Internet access is required to... | Appliances | High Availability Considerations |
|---|---|---|---|
| dynamic analysis: querying | query the cloud for threat scores of files previously submitted for dynamic analysis. | Defense Center | Paired Defense Centers query the cloud for threat scores independently. |
| dynamic analysis: submitting | submit files to the cloud for dynamic analysis. | Managed devices, including X-Series | n/a |
| FireAMP integration | receive endpoint-based (FireAMP) malware events from the Cisco cloud. | Defense Center | Cloud connections are not synchronized. Configure them on both Defense Centers. |
| intrusion rule, VDB, and GeoDB updates | download or schedule the download of an intrusion rule, GeoDB, or VDB update directly to an appliance. | Defense Center | Intrusion rule, GeoDB, and VDB updates are synchronized. |
| network-based AMP | perform malware cloud lookups. | Defense Center | Paired Defense Centers perform cloud lookups independently. |
| RSS feed dashboard widget | download RSS feed data from an external source, including Cisco. | Any except virtual devices and X-Series | Feed data is not synchronized. |
| Security Intelligence filtering | download Security Intelligence feed data from an external source, including the Cisco Intelligence Feed. | Defense Center | The primary Defense Center downloads feed data and shares it with the secondary. In case of primary failure, promote the secondary to active. |
| system software updates | download or schedule the download of a system update directly to an appliance. | Any except virtual devices and X-Series | System updates are not synchronized. |
| URL filtering | download cloud-based URL category and reputation data for access control, and perform lookups for uncategorized URLs. | Defense Center | The primary Defense Center downloads URL filtering data and shares it with the secondary. In case of primary failure, promote the secondary to active. |
| whois | request whois information for an external host. | Any except virtual devices and X-Series | Any appliance requesting whois information must have Internet access. |

Communication Ports Requirements
Sourcefire 3D System appliances communicate using a two-way, SSL-encrypted communication 
channel, which by default uses port 8305/tcp. The system requires this port remain open for basic 
intra-appliance communication. Other open ports allow:
  • access to an appliance’s web interface