Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 51      Configuring Appliance Settings
  Configuring Network Settings
Note
You must use command-line tools to modify network and proxy settings for virtual devices, and to 
modify network settings for Sourcefire Software for X-Series. Note that Sourcefire Software for 
X-Series does not support a proxy. For more information, see the FireSIGHT System Virtual Installation 
Guide and the Sourcefire Software for X-Series Installation and Configuration Guide.
You can customize the following network settings:
IPv4 and IPv6-Specific Management Interface Settings
The FireSIGHT System provides a dual stack implementation for both IPv4 and IPv6 management 
environments. You can choose one or both protocols; disable the protocol (if any) you do not want 
to use.
For each enabled management protocol, you must specify the IP address of the management 
interface, a netmask or prefix length, and the default gateway. You can either set these manually or 
configure the appliance to retrieve them from a local DHCP server or IPv6 router.
Shared Management Settings
Regardless of your management environment, you can specify up to three DNS servers, as well as 
the host name and domain for the device. 
On Defense Centers, you can also change the maximum transmission unit (MTU) for the 
management interface, which designates the largest size packet, in bytes, that can pass through the 
interface. The default value is 1500 bytes.
Finally, you can change the management port. Sourcefire 3D System appliances communicate using 
a two-way, SSL-encrypted communication channel, which by default is on port 8305. Although 
Sourcefire strongly recommends that you keep the default setting, if the management port conflicts 
with other communications on your network, you can choose a different port.
Caution
If you change the management port, you must change it for all appliances in your deployment that need 
to communicate with each other. 
LCD Panel Settings (Series 3 devices)
Series 3 devices allow you to view device information using an LCD panel on the front of the device. 
On the Series 3 Network page, you can also allow people to change network settings using the LCD 
panel.
Caution
Allowing reconfiguration using the LCD panel can present a security risk. You need only physical 
access, not authentication, to configure network settings using the LCD panel.
Proxy Settings
All Cisco appliances are configured to directly connect to the Internet on ports 443/tcp (HTTPS) and 
80/tcp (HTTP); see 
. With the 
exception of Sourcefire Software for X-Series, Cisco appliances support use of a proxy server, to 
which you can authenticate via HTTP Digest.
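
The following audit sketch is an added example, not part of the FireSIGHT System User Guide or any Cisco tooling. It checks a constructed appliance inventory against the settings described above: one management port across the deployment, LCD panel reconfiguration on Series 3 devices, the three-server DNS limit, and complete manual address settings. The inventory field names are hypothetical, and the check that a gateway lies inside the interface's subnet is a general networking assumption rather than a rule stated in the guide.

```python
import ipaddress
from collections import Counter

# Constructed inventory; field names are hypothetical, not a FireSIGHT export format.
INVENTORY = [
    {"name": "dc-01", "series3": False, "mgmt_port": 8305, "lcd_reconfig": False,
     "dns": ["192.0.2.53"],
     "ipv4": {"mode": "manual", "address": "192.0.2.10/24", "gateway": "192.0.2.1"}},
    {"name": "sensor-01", "series3": True, "mgmt_port": 8305, "lcd_reconfig": True,
     "dns": ["192.0.2.53"], "ipv4": {"mode": "dhcp"}},
    {"name": "sensor-02", "series3": True, "mgmt_port": 8443, "lcd_reconfig": False,
     "dns": ["192.0.2.53", "192.0.2.54", "198.51.100.53", "203.0.113.53"],
     "ipv4": {"mode": "manual", "address": "192.0.2.12/24", "gateway": "198.51.100.1"}},
]

def check_stack(cfg):
    """Validate one manually configured protocol stack (IPv4 or IPv6)."""
    if cfg.get("mode") != "manual":
        return []          # DHCP or IPv6 router assignment: nothing static to check
    missing = [k for k in ("address", "gateway") if not cfg.get(k)]
    if missing:
        return ["manual mode is missing " + ", ".join(missing)]
    iface = ipaddress.ip_interface(cfg["address"])   # address plus netmask/prefix length
    gw = ipaddress.ip_address(cfg["gateway"])
    if gw.version != iface.version:
        return [f"gateway {gw} is not the same IP version as {iface}"]
    if not gw.is_link_local and gw not in iface.network:
        return [f"gateway {gw} is outside {iface.network}"]
    return []

def audit(inventory):
    """Return (appliance, finding) pairs for the settings this section describes."""
    findings = []
    # Treat the most common port as the deployment's port; outliers cannot reach their peers.
    deployment_port = Counter(a["mgmt_port"] for a in inventory).most_common(1)[0][0]
    for a in inventory:
        if a["mgmt_port"] != deployment_port:
            findings.append((a["name"], f"management port {a['mgmt_port']} != {deployment_port}"))
        if a["series3"] and a["lcd_reconfig"]:
            findings.append((a["name"], "LCD panel reconfiguration is enabled"))
        if len(a["dns"]) > 3:
            findings.append((a["name"], f"{len(a['dns'])} DNS servers listed, limit is 3"))
        for family in ("ipv4", "ipv6"):
            findings += [(a["name"], f"{family}: {m}") for m in check_stack(a.get(family, {}))]
    return findings

if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
```
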
To configure network settings for the local appliance:
Access: Admin