Cisco Firepower Management Center 2000 Release Notes

Firepower System Release Notes
New Features and Functionality
Table 3. New Features in Version 6.1.0: Threat-Focused Enhancements

Columns: New Feature, Description, Supported Platforms

New Feature: VDI Identity Support

Description:

Note: The TS Agent feature (VDI Identity Support) is available in a limited availability program adjacent to Version 6.1.

In order to design policies that enforce rules based on the user’s identity, you must have the ability to identify the user correctly. This is a problem in a shared environment, where multiple users are using the same IP address – identifying which user certain traffic applies to becomes difficult.

Firepower now provides the ability to better identify individual users in shared environments – such as Citrix’s Virtual Desktop Infrastructure (VDI) – in order to accurately enforce user-based policy rules on the firewall.

Rather than just associating a user with an IP address, Firepower now associates the user with both the IP address and a port range combination through the use of a new agent deployed on the Windows Terminal Server. The Cisco Terminal Services Agent (TS Agent) intercepts every login to the terminal server and assigns a port range to every user that logs in. Using RESTful APIs, it communicates this information (user, IP address and port range) to the Firepower Management Center, which in turn communicates it to the individual Firepower NGFW appliances.

Now when User 1 logs in, Firepower NGFW not only sees the IP address, but also knows the port range assigned to the user. Based on the IP address and the port range, Firepower NGFW will properly map the traffic to User 1. When User 2 logs in, a new port range is assigned, which enables Firepower NGFW to map the appropriate traffic to that user, while applying any specific policy rules to that user and their traffic.

Supported Platforms: Firepower Management Center; 64-bit Firepower Management Center Virtual

New Feature: SafeSearch / YouTube EDU Policies

Description:

In a use case primarily designed to address requirements by educational institutions, Firepower Version 6.1 now provides support for organizations that want to control what results can be returned utilizing a search engine, as well as control which YouTube videos can be viewed by students.

SafeSearch is a feature provided by many search engines. When enabled, every time a user performs a search query, SafeSearch filters out objectionable content and stops people from searching adult sites. Firepower policy rules allow you to both enable SafeSearch in the search engines that support the feature as well as enforce how search engines that do not support SafeSearch should be handled (i.e., Allow, Block, or Block with Reset).

YouTube EDU is a service provided by YouTube for use by educational institutions. It allows them to create their own YouTube Channel and publish their video courseware on that channel for their students to access. Firepower access control rules can now specify a list of that courseware, enabling students to access their educational content, while restricting them from viewing non-educational content. Institutions must have a YouTube account for this feature to work.

It should be noted that SSL decryption policies must be configured for both of these features to work, especially because most search engines are now using SSL encryption.

Supported Platforms: Firepower Management Center; 64-bit Firepower Management Center Virtual; 7000 and 8000 Series; NGIPSv; ASA with FirePOWER Services; Firepower Threat Defense; Firepower Threat Defense Virtual: VMware, AWS, and KVM
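
The user-to-(IP address, port range) mapping described under VDI Identity Support, sketched as an added example; it is not Cisco's code or the TS Agent's data format, and the record shape, user names, addresses and port ranges are constructed assumptions. It resolves a flow's source IP and port to a user and treats unmapped ports or overlapping ranges as an unknown user.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Assignment:
    """One user-to-port-range record (hypothetical shape, not the TS Agent's format)."""
    user: str
    server_ip: str
    port_lo: int
    port_hi: int  # inclusive upper bound

# Constructed sample: two users logged in to one terminal server (one shared IP).
SAMPLE = [
    Assignment("user1", "192.0.2.10", 2000, 2999),
    Assignment("user2", "192.0.2.10", 3000, 3999),
]

def resolve_user(assignments, src_ip, src_port):
    """Map a flow's source (IP, port) to a user; None means the user is unknown."""
    ip = ip_address(src_ip)
    hits = [a.user for a in assignments
            if ip_address(a.server_ip) == ip and a.port_lo <= src_port <= a.port_hi]
    # Zero hits (port outside every range) or several hits (overlapping ranges)
    # cannot be attributed safely, so no user-based rule should match.
    return hits[0] if len(hits) == 1 else None

def find_overlaps(assignments):
    """Return (earlier_user, later_user) for each range that collides on the same IP."""
    by_ip = {}
    for a in assignments:
        by_ip.setdefault(ip_address(a.server_ip), []).append(a)
    clashes = []
    for recs in by_ip.values():
        recs.sort(key=lambda r: r.port_lo)
        top = recs[0]  # record with the highest upper bound seen so far
        for cur in recs[1:]:
            if cur.port_lo <= top.port_hi:
                clashes.append((top.user, cur.user))
            if cur.port_hi > top.port_hi:
                top = cur
    return clashes

if __name__ == "__main__":
    for port in (2500, 3000, 50000):
        print(port, resolve_user(SAMPLE, "192.0.2.10", port))
```

With IP-only mapping, both sample users would collapse onto 192.0.2.10; the port range is what separates them, which is why an overlap check belongs in front of any rule that trusts the mapping.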