Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.6
Sourcefire 3D System Release Notes
40
Features Introduced in Previous Versions
redundancy so that when one endpoint fails, the remaining endpoints can still
communicate with each other. This type of deployment commonly represents a
VPN that connects a group of decentralized branch office locations.
Note that this feature is only available on Series 3 devices. To deploy VPN, you
Note that this feature is only available on Series 3 devices. To deploy VPN, you
must enable Protection, Control, and VPN licenses on each of the managed
devices used for the VPN.
Policy-Based NAT
Version 5.2 introduces the ability to create a network address translation (NAT)
policy. A NAT policy determines how the system performs routing with NAT.
You can now create and use both static and dynamic NAT rules for further
You can now create and use both static and dynamic NAT rules for further
flexibility and granular control of NAT configuration. Policy-based NAT supports
the following types of rules:
•
static, which provide one-to-one translations on destination networks and
optionally port and protocol
•
dynamic IP, which translate many-to-many source networks, but maintain
port and protocol
•
dynamic IP and port, which translate many-to-one or many-to-many source
networks and port and protocol
You can configure NAT policies in different ways to manage specific network
needs:
•
to expose an internal server to an external network
•
to allow an internal host or server to connect to an external application
•
to hide private network addresses from an external network by using a
block of IP addresses
•
to hide private network addresses from an external network using a limited
block of IP addresses and port translation
In previous versions, you could configure NAT through device-based NAT rules.
Policy-based NAT replaces that functionality. When you update managed devices
to Version 5.2, the device-based NAT rules for that device (formerly configured
under Devices > Device Management > Edit) become a NAT policy (under the Devices
> NAT tab on the Defense Center) with equivalent rules.
You can use policy-based NAT on Series 3 managed devices with a Control
You can use policy-based NAT on Series 3 managed devices with a Control
license enabled.
Clustered Stacking
In addition to the ability to create clustered configurations of managed devices,
you can now establish redundancy of networking functionality and configuration
data between two identically configured peer device stacks. Just as with paired
individual devices in a cluster, clustered stacks provide a backup option if one
stack fails. As in the existing clustering feature, all devices in the configuration
must have identical licenses and must have Control licenses. When you register