Cisco Cisco AMP Threat Grid 5004 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Setup and Configuration Guide
PLANNING
PLANNING
5
Monitor: You can either attach a monitor to the server, or, if CIMC (Cisco Integrated Management Controller) is
configured, you can use a remote KVM.
configured, you can use a remote KVM.
Hardware Documentation
Installation and Service Guide for Cisco UCS C220 M4 Server:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220M4/install/C220M4.pdf
Installation and Service Guide for Cisco UCS C220 M3 Server:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220/install/C220.html
Spec Sheet for Cisco UCS C220 M3 High-Density Rack Server (Small Form Factor Disk Drive Model):
http://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-
servers/C220M3_SFF_SpecSheet.pdf
servers/C220M3_SFF_SpecSheet.pdf
Cisco has a power/cooling calculator, which you may also find useful:
https://mainstayadvisor.com/Go/Cisco/Cisco-UCS-Power-Calculator.aspx
Network Requirements
The Threat Grid Appliance requires three networks:
ADMIN - The "Administrative" network. Must be configured in order to perform the appliance setup.
CLEAN - The "Clean" network is used for inbound, trusted traffic to the appliance (requests). This includes
integrated appliances. For example, the Cisco Email Security appliances and Web Security appliances
(ESA/WSA) connect to the IP address of the Clean interface.
integrated appliances. For example, the Cisco Email Security appliances and Web Security appliances
(ESA/WSA) connect to the IP address of the Clean interface.
Note:
The following specific, restricted kinds of network traffic can be outbound from Clean:
•
Remote syslog connections
•
Email messages sent by the Threat Grid Appliance itself
•
Disposition Update Service connections to FireAMP Private Cloud devices
•
DNS requests related to any of the above
DIRTY - The "Dirty" network is used for outbound traffic from the appliance (including malware traffic).
Note:
We recommend using a dedicated external IP address (i.e., the "Dirty" interface) that is different from your
corporate IP, in order to protect your internal network assets.
For network interface setup information and illustrations, see the Network Interfaces, and Network Interface
Connections Setup sections below.
Connections Setup sections below.