Cisco Cisco Firepower Management Center 4000 Installation Guide
C H A P T E R
1-1
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
1
Introduction to Cisco NGIPS for Blue Coat
X-Series
X-Series
The FireSIGHT System combines the security of an industry-leading network intrusion protection
system with the power to control access to your network based on many criteria, such as detected files
and URLs. The Defense Center
system with the power to control access to your network based on many criteria, such as detected files
and URLs. The Defense Center
® provides a centralized management console and database repository
for the FireSIGHT System. Managed devices installed on network segments monitor traffic for analysis.
Cisco NGIPS for Blue Coat X-Series provides a software-only version of the FireSIGHT System that
you can install on your X-Series platform, with access control features, including file control and
intrusion prevention. Cisco NGIPS for Blue Coat X-Series also provides network discovery functionality
that lets you map and track hosts on your network, and correlate events affecting those hosts to quickly
identify compromised hosts.
you can install on your X-Series platform, with access control features, including file control and
intrusion prevention. Cisco NGIPS for Blue Coat X-Series also provides network discovery functionality
that lets you map and track hosts on your network, and correlate events affecting those hosts to quickly
identify compromised hosts.
You can use Cisco NGIPS for Blue Coat X-Series as a managed device in a passive deployment to
monitor traffic flowing across a network, for example, using a switch SPAN, virtual switch, or mirror
port. Passive sensing interfaces receive all traffic unconditionally and no traffic received on these
interfaces is retransmitted. You can monitor connections in a passive deployment for many
characteristics, such as file types or protocols, file signatures, intrusion indicators, applications, users,
network characteristics, URLs, and location data. However, you cannot block traffic in this deployment.
monitor traffic flowing across a network, for example, using a switch SPAN, virtual switch, or mirror
port. Passive sensing interfaces receive all traffic unconditionally and no traffic received on these
interfaces is retransmitted. You can monitor connections in a passive deployment for many
characteristics, such as file types or protocols, file signatures, intrusion indicators, applications, users,
network characteristics, URLs, and location data. However, you cannot block traffic in this deployment.
You can also use Cisco NGIPS for Blue Coat X-Series as a managed device in an inline deployment to
protect your network from attacks that might affect the availability, integrity, or confidentiality of hosts
on the network. Inline interfaces receive all traffic unconditionally, and traffic received on these
interfaces is retransmitted unless explicitly dropped by the Defense Center configuration based on your
deployment. Inline devices can be deployed as a simple intrusion prevention system.
protect your network from attacks that might affect the availability, integrity, or confidentiality of hosts
on the network. Inline interfaces receive all traffic unconditionally, and traffic received on these
interfaces is retransmitted unless explicitly dropped by the Defense Center configuration based on your
deployment. Inline devices can be deployed as a simple intrusion prevention system.
Cisco NGIPS for Blue Coat X-Series uses several X-Series components:
•
The Application Processor Module (APM) provides application processing and status monitoring,
as well as standard and application-specific logging.
as well as standard and application-specific logging.
You install Cisco NGIPS for Blue Coat X-Series on an APM.
•
The Virtual Appliance Processor (VAP) consists of an operating system, system software, and an
application run on an APM.
application run on an APM.
A VAP functions like a managed device in the FireSIGHT System. You can group VAPs to provide
redundancy (similar to clustering) or to load-balanced services to run applications.
redundancy (similar to clustering) or to load-balanced services to run applications.
•
The Control Processor Module (CPM) provides all general system-functions.
You load Cisco NGIPS for Blue Coat X-Series onto the CPM.
•
The Network Processing Module (NPM) contains the physical interfaces of the X-Series platform.