Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 1 Introduction
FireSIGHT System Components
Redundancy and Resource Sharing
The redundancy and resource-sharing features of the FireSIGHT System allow you to ensure continuity 
of operations and to combine the processing resources of multiple physical devices.
Defense Center High Availability
To ensure continuity of operations, a Defense Center high availability feature allows you to designate 
redundant DC1000, DC1500, DC3000, or DC3500 Defense Centers to manage devices. Event data 
streams from managed devices to both Defense Centers; certain configuration elements are maintained 
on both Defense Centers. If one Defense Center fails, you can monitor your network without interruption 
using the other Defense Center.
Device Stacking
Device stacking allows you to increase the amount of traffic inspected on a network segment by 
connecting two to four physical devices in a stacked configuration. When you establish a stacked 
configuration, you combine the resources of each stacked device into a single, shared configuration.
Device Clustering
Device clustering (sometimes called device high availability) allows you to establish redundancy of 
networking functionality and configuration data between two or more Series 3 devices or stacks. 
Clustering two or more peer devices or stacks results in a single logical system for policy applies, system 
updates, and registration. With device clustering, the system can fail over either manually or 
automatically.
In most cases, you can achieve Layer 3 redundancy without clustering devices by using SFRP. SFRP 
allows devices to act as redundant gateways for specified IP addresses. With network redundancy, you 
can configure two or more devices or stacks to provide identical network connections, ensuring 
connectivity for other hosts on the network.
Load Balancing with Sourcefire Software for X-Series
You can take advantage of the X-Series platform’s load balancing and redundancy benefits (comparable
to Cisco physical device clustering) by deploying Sourcefire Software for X-Series as individual VAPs
in a multi-member VAP group on the X-Series platform. You then manage these VAP groups using the
Defense Center. For more information, see the Sourcefire Software for X-Series Installation and
Configuration Guide.
Network Traffic Management
The FireSIGHT System’s network traffic management features allow managed devices to act as part of 
your organization’s network infrastructure. You can configure Series 3 devices to serve in a switched, 
routed, or hybrid (switched and routed) environment; to perform network address translation (NAT); and 
to build secure virtual private network (VPN) tunnels.
Switching
You can configure the FireSIGHT System in a Layer 2 deployment so that it provides packet switching 
between two or more network segments. In a Layer 2 deployment, you configure switched interfaces and 
virtual switches on managed devices to operate as standalone broadcast domains. A virtual switch uses 
the MAC address from a host to determine where to send packets.