Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 1 Introduction
FireSIGHT System Components
Routing
You can configure the FireSIGHT System in a Layer 3 deployment so that it routes traffic between two
or more interfaces. In a Layer 3 deployment, you configure routed interfaces and virtual routers on
managed devices to receive and forward traffic. The system routes packets by making packet forwarding
decisions according to the destination IP address. The router determines the outgoing interface for the
destination according to its forwarding criteria, and access control rules designate the security policies to
apply.
When you configure virtual routers, you can define static routes. In addition, you can configure Routing
Information Protocol (RIP) and Open Shortest Path First (OSPF) dynamic routing protocols. You can
also configure a combination of static routes and RIP or static routes and OSPF. You can set up DHCP
relay for each virtual router you configure.
If you use both virtual switches and virtual routers in your Cisco appliance configuration, you can
configure associated hybrid interfaces to bridge traffic between them. These utilities analyze traffic to
determine its type and the appropriate response (route, switch, or otherwise).
NAT
In a Layer 3 deployment, you can configure network address translation (NAT). You can expose an
internal server to an external network, or allow an internal host or server to connect to an external
application. You can also configure NAT to hide private network addresses from an external network by
using a block of IP addresses, or by using a limited block of IP addresses and port translation.
VPN
A virtual private network (VPN) is a network connection that establishes a secure tunnel between
endpoints via a public source, such as the Internet or other network. You can configure the FireSIGHT
System to build secure VPN tunnels between the virtual routers of Series 3 devices.
FireSIGHT
FireSIGHT™ is Cisco’s discovery and awareness technology that collects information about hosts,
operating systems, applications, users, files, networks, geolocation information, and vulnerabilities, in
order to provide you with a complete view of your network.
You can use the Defense Center’s web interface to view and analyze data collected by FireSIGHT. You
can also use this data to help you perform access control and modify intrusion rule states. In addition,
you can generate and track indications of compromise on hosts on your network based on correlated
event data for the hosts.
Access Control
Access control is a policy-based feature that allows you to specify, inspect, and log the traffic that can
traverse your network. An access control policy determines how the system handles traffic on your
network. You can use a policy that does not include access control rules to handle traffic in one of the
following ways, using what is called the default action:
• block all traffic from entering your network
• trust all traffic to enter your network without further inspection
• allow all traffic to enter your network, and inspect the traffic with a network discovery policy only
• allow all traffic to enter your network, and inspect the traffic with intrusion and network discovery policies