Cisco Cisco Firepower Management Center 2000
1-5
FireSIGHT System User Guide
Chapter 1 Introduction
FireSIGHT System Appliances
Cisco ASA with FirePOWER Services
You can manage Cisco ASA with FirePOWER Services (ASA FirePOWER) devices with a Defense
Center. In this deployment, the ASA device provides the first-line system policy and passes traffic to the
FireSIGHT System for access control, intrusion detection and prevention, discovery, and advanced
malware protection.
Center. In this deployment, the ASA device provides the first-line system policy and passes traffic to the
FireSIGHT System for access control, intrusion detection and prevention, discovery, and advanced
malware protection.
Regardless of the licenses installed and applied, ASA FirePOWER devices do not support any of the
following features through the FireSIGHT System:
following features through the FireSIGHT System:
•
ASA FirePOWER devices do not support the FireSIGHT System’s hardware-based features:
clustering, stacking, switching, routing, VPN, NAT, and so on. However, the ASA platform does
provide these features, which you can configure using the ASA CLI and ASDM. See the ASA
documentation for more information.
clustering, stacking, switching, routing, VPN, NAT, and so on. However, the ASA platform does
provide these features, which you can configure using the ASA CLI and ASDM. See the ASA
documentation for more information.
•
You cannot use the Defense Center web interface to configure ASA FirePOWER interfaces.
•
You cannot use the Defense Center to shut down, restart, or otherwise manage ASA FirePOWER
processes.
processes.
•
You cannot use the Defense Center to create backups from or restore backups to ASA FirePOWER
devices.
devices.
•
You cannot write access control rules to match traffic using VLAN tag conditions.
The ASA FirePOWER device does not have a FireSIGHT web interface. However, it has software (and
a command line interface (CLI) unique to the ASA platform. You use these ASA-specific tools to install
the system and to perform other platform-specific administrative tasks. See the ASA FirePOWER
module documentation for more information.
a command line interface (CLI) unique to the ASA platform. You use these ASA-specific tools to install
the system and to perform other platform-specific administrative tasks. See the ASA FirePOWER
module documentation for more information.
Note
The Defense Center does not display ASA interfaces when the ASA FirePOWER device is deployed in
SPAN port mode.
SPAN port mode.
Appliances Delivered with Version 5.3.1
The following table lists the appliances that Cisco delivers with Version 5.3.1 of the FireSIGHT System.
Note that you cannot update or reimage Series 2, Series 3, virtual, or X-Series devices to Version 5.3.1,
but a 5.3.1 Defense Center can manage a 5.3 device.
Note that you cannot update or reimage Series 2, Series 3, virtual, or X-Series devices to Version 5.3.1,
but a 5.3.1 Defense Center can manage a 5.3 device.
Table 1-1
Version 5.3.1 FireSIGHT System Appliances
Models/Family
Series
Form
Type
ASA FirePOWER:
•
ASA5585-X-SSP-10,
ASA5585-X-SSP-20,
ASA5585-X-SSP-40,
ASA5585-X-SSP-60
ASA5585-X-SSP-20,
ASA5585-X-SSP-40,
ASA5585-X-SSP-60
n/a
hardware
device
ASA FirePOWER:
•
ASA5512-X, ASA5515-X,
ASA5525-X, ASA5545-X,
ASA5555-X
ASA5525-X, ASA5545-X,
ASA5555-X
n/a
software
device