Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.2
Sourcefire 3D System Release Notes
35
Features Introduced in Previous Versions
Drop BPDUs Support
The drop Bridge Protocol Data Units (BPDUs) configuration added in Version 5.2
allows you to set up an inline configuration that operates over a single physical
link. You can now configure a virtual switch with two logical interfaces; each
interface must have a different configured VLAN tag. Additionally, on a third-party
switch or other supported device, you must configure two VLANs and two logical
interfaces; each interface must be in a different VLAN but configured on the same
physical port.
Series 2 Device Reimaging
Series 2 appliances are the second series of Sourcefire physical appliances, which
includes the following appliance models:
•
3D500/1000/2000
•
3D2100/2500/3500/4500
•
3D6500
•
3D9900
•
DC500/1000/3000
Version 5.2.0.2 of the Sourcefire 3D System can now run on Series 2 appliances.
Previously, Series 2 devices supported only 4.x versions of the Sourcefire 3D
System. Note that Series 2 devices running Version 5.2.0.2 must be managed by
a Defense Center; they no longer have standalone capabilities. For more
information, see the Sourcefire 3D System User Guide.
To update any Series 2 appliance to Version 5.2.0.2 from Version 4.x, you must
To update any Series 2 appliance to Version 5.2.0.2 from Version 4.x, you must
reimage the appliance, which discards all events and configuration data stored on
those appliances. For more information about reimaging, see the Sourcefire 3D
System Installation Guide.
Geolocation
The geolocation feature enhances Sourcefire 3D System analysis tools with data
about the geographical sources of routable IP addresses (the country, continent,
and so on). You can use this data to determine if, for example, connections
originate from or terminate in countries unconnected with your organization.
Geolocation information is available in intrusion events, connection events, file
Geolocation information is available in intrusion events, connection events, file
events, malware events, host profiles, and user profiles. The Context Explorer
and the dashboard can also now include geolocation information.
After you install a geolocation database (GeoDB) update, you can view granular
After you install a geolocation database (GeoDB) update, you can view granular
information available for an IP address, such as postal code, coordinates, time
zone, Autonomous System Number (ASN), internet service provider (ISP), use
type (home or business), organization, domain name, connection type, and proxy
information. Note that the system does not retroactively generate data for events
logged before the update. You can also pinpoint the detected location with any of
four third-party map tools. Note that without a GeoDB update, only the flag icon
and ISO3 alpha country code appear.