Cisco Cisco Firepower Management Center 4000
6-16
FireSIGHT System User Guide
Chapter 6 Managing Devices
Working with Devices
You can select an access control policy to apply to a device as you register it to the Defense Center. If
you attempt to apply a policy that requires a license that is not enabled on the device, the policy apply
fails. Also, if the access control policy is associated with a network discovery policy, that policy also
fails to apply as network discovery requires access control to properly apply to a managed device.
you attempt to apply a policy that requires a license that is not enabled on the device, the policy apply
fails. Also, if the access control policy is associated with a network discovery policy, that policy also
fails to apply as network discovery requires access control to properly apply to a managed device.
When you register a device cluster or device stack, although you can select licenses, these licenses
cannot be applied upon device registration. This ensures that the cluster or stack is running the proper
licenses to prevent it from entering a degraded state with mismatched licenses. After registration, you
can evaluate the licenses in either the general properties (cluster) or stack properties (stack) of the Device
Management page. For more information, see
cannot be applied upon device registration. This ensures that the cluster or stack is running the proper
licenses to prevent it from entering a degraded state with mismatched licenses. After registration, you
can evaluate the licenses in either the general properties (cluster) or stack properties (stack) of the Device
Management page. For more information, see
.
When you register a Series 2 device, although you can select licenses, any licenses you select are not
applied upon device registration. Series 2 devices automatically have Protection capabilities, with the
exception of Security Intelligence filtering. You cannot disable these capabilities, nor can you apply
other licenses to a Series 2 device.
applied upon device registration. Series 2 devices automatically have Protection capabilities, with the
exception of Security Intelligence filtering. You cannot disable these capabilities, nor can you apply
other licenses to a Series 2 device.
Tip
To modify the detailed configuration of a device, click the edit icon (
) next to the device. See
and
for more information.
To add a device to a Defense Center:
Access:
Admin/Network Admin
Step 1
Configure the device to be managed by the Defense Center.
For FirePOWER devices, use the procedure in
. After the
device confirms communication with the Defense Center, the Pending Registration status appears.
For virtual devices, Sourcefire Software for X-Series, and ASA FirePOWER devices, configure
remote management using the device’s command line interface (CLI).
remote management using the device’s command line interface (CLI).
Note
In some high availability deployments where network address translation (NAT) is used, you
may also need to add the secondary Defense Center as a manager. For more information, contact
Support.
may also need to add the secondary Defense Center as a manager. For more information, contact
Support.
Step 2
Select
Devices > Device Management
.
The Device Management page appears.
Step 3
From the
Add
drop-down menu, select
Add Device
.
The Add Device pop-up window appears.
Step 4
In the
Host
field, type the IP address or the hostname of the device you want to add.
The hostname of the device is the fully qualified domain name or the name that resolves through the local
DNS to a valid IP address.
DNS to a valid IP address.
Note that in a NAT environment, you may not need to specify the IP address or host name of the device,
if you already specified the IP address or host name of the Defense Center when you configured the
device to be managed by the Defense Center. For more information, see
if you already specified the IP address or host name of the Defense Center when you configured the
device to be managed by the Defense Center. For more information, see
.
Caution
Use a hostname rather than an IP address if your network uses DHCP to assign IP addresses.