Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 51 Configuring Appliance Settings
Enabling Cloud Communications
Use legacy port 32137 for network AMP lookups
Selecting this check box allows your system to use port 32137/tcp (the previous default port) for
network cloud lookups instead of port 443/tcp. If you updated your appliances from a previous
version of the FireSIGHT System, this check box is selected by default.
Licensing
Performing category and reputation-based URL filtering and device-based malware detection
require that you enable the appropriate licenses on your managed devices; see
.
You cannot configure cloud connection options if you have no URL Filtering or Malware licenses
on the Defense Center. If you have one license but not the other, the Cloud Services local
configuration page displays only the options for which you are licensed. Defense Centers with
expired licenses cannot contact the cloud.
Note that, in addition to causing the URL Filtering configuration options to appear, adding a URL
Filtering license to your Defense Center automatically enables Enable URL Filtering and Enable
Automatic Updates. You can manually disable the options if needed.
Note that receiving endpoint-based malware events using a FireAMP subscription does not require
a license, nor does specifying individual URLs or groups of URLs to allow or block. For more
information, see
and
.
Internet Access and High Availability
The system uses ports 80/HTTP and 443/HTTPS to contact the Cisco cloud and also supports use
of a proxy; see
Although all URL filtering configurations and information are synchronized between Defense
Centers in a high availability deployment, only the primary Defense Center downloads URL filtering
data. If the primary Defense Center fails, you must make sure that the secondary Defense Center has
direct access to the Internet and use the web interface on the secondary Defense Center to promote
it to Active. For more information, see
.
On the other hand, although they share file policies and related configurations, Defense Centers in
a high availability pair share neither cloud connections nor malware dispositions. To ensure
continuity of operations, and to ensure that detected files’ malware dispositions are the same on both
Defense Centers, both primary and secondary Defense Centers must have access to the cloud.
Health Monitoring
The default health policy includes the following modules that track the state and stability of the
Defense Center’s cloud connections:
– URL Filtering Monitor, which also warns you if the Defense Center fails to push category and
reputation updates to its managed devices
– Advanced Malware Protection
Tip
Another module, the FireAMP Status Monitor, tracks the Defense Center’s connection to the Cisco cloud
for FireAMP subscription holders. For more information on health monitoring, see