Cisco Cisco Firepower 9300 Security Appliance Guía De Instalación
2
Cisco Firepower Threat Defense for Firepower 9300 Quick Start Guide
policy configuration and deployment. The Firepower Management Center has some customized features that
differentiate a Firepower 9300 security appliance with Firepower Threat Defense from other Firepower Threat
Defense platforms.
differentiate a Firepower 9300 security appliance with Firepower Threat Defense from other Firepower Threat
Defense platforms.
You can also access the Firepower Threat Defense CLI from the Firepower 9300 supervisor CLI using an internal
Telnet connection. From within the Firepower 9300 security appliance, you can later configure SSH or Telnet
access over any of its management or data interfaces.
Telnet connection. From within the Firepower 9300 security appliance, you can later configure SSH or Telnet
access over any of its management or data interfaces.
Management/Diagnostic Interface and Network Deployment
The physical management interface is shared between the Management logical interface and the Diagnostic
logical interface.
logical interface.
The Firepower Threat Defense device uses the setup IP address, and associated route to the gateway, for
management by the Firepower Management Center. The management IP address and route are not included on
the Firepower Management Center web interface in the list of interfaces or static routes for the device; they can
only be set by the setup script and at the CLI. After you perform the initial setup, configure the security and access
policies, device settings, and interfaces using the Firepower Management Center.
management by the Firepower Management Center. The management IP address and route are not included on
the Firepower Management Center web interface in the list of interfaces or static routes for the device; they can
only be set by the setup script and at the CLI. After you perform the initial setup, configure the security and access
policies, device settings, and interfaces using the Firepower Management Center.
If you choose to do syslog or SNMP reporting over the physical management port, note that you must configure a
separate IP address and route and external authentication for the Diagnostic 0/0 or Diagnostic 1/1 interface using
the Firepower Management Center web interface. However, Cisco recommends you use a data port for reporting
purposes to simplify deployment.
separate IP address and route and external authentication for the Diagnostic 0/0 or Diagnostic 1/1 interface using
the Firepower Management Center web interface. However, Cisco recommends you use a data port for reporting
purposes to simplify deployment.
See the Firepower Threat Defense Interfaces chapter of the Firepower Management Center Configuration Guide
for more information about the management/diagnostic interface.
for more information about the management/diagnostic interface.
Licensing Requirements for Firepower Threat Defense
Firepower Threat Defense running on the Firepower 9300 requires Smart Software Licensing, configurable from
the Firepower Management Center. See the Firepower Management Center Configuration Guide or the online help
in Firepower Management Center for more information.
the Firepower Management Center. See the Firepower Management Center Configuration Guide or the online help
in Firepower Management Center for more information.
For Firepower Threat Defense running on the Firepower 9300 security modules, Smart Software Licensing
configuration is split between the Firepower 9300 supervisor and the security module.
configuration is split between the Firepower 9300 supervisor and the security module.
Firepower 9300 - Configure all Smart Software Licensing infrastructure in the supervisor, including parameters
for communicating with the License Authority. The Firepower 9300 itself does not require any licenses to
operate.
for communicating with the License Authority. The Firepower 9300 itself does not require any licenses to
operate.
Firepower Threat Defense - Configure all license entitlements for the security services from the Firepower
Management Center.
Management Center.
The Firepower 9300 chassis registers as a device, while the Firepower Threat Defense on the security modules in
the chassis request their own licenses. See the Cisco FXOS Firepower Chassis Manager Configuration Guide for
more information about license management for the Firepower 9300.
the chassis request their own licenses. See the Cisco FXOS Firepower Chassis Manager Configuration Guide for
more information about license management for the Firepower 9300.
See “Licensing the Firepower System” in the Firepower Management Center Configuration Guide for more
information about how to manage licenses on the Firepower Management Center.
information about how to manage licenses on the Firepower Management Center.
Access the Firepower Chassis Manager Web Interface
You can manage application images, configure hardware interface settings, and other basic operating parameters
on the supervisor using the Firepower Chassis Manager web interface.
on the supervisor using the Firepower Chassis Manager web interface.
Procedure
1.
To log in to the Firepower Chassis Manager Web Interface: