Cisco ASA 5580 Adaptive Security Appliance Installation Guide
About the Cisco Firepower Management Center Remediation Module for ACI
With the Cisco Firepower Management Center Remediation Module for ACI, when an attack on your
network is detected by the Firepower Management Center 6.1 or FireSIGHT Management Center
5.4.x, the offending end point can now be completely quarantined in the Application Policy
Infrastructure Controller (APIC) so that no further traffic is allowed to go in or out of that end point.
The following illustration shows the relationship between the Firepower Management Center and the
APIC when the Remediation Module is installed.
The illustration above shows the following process of quarantining a network attack in the APIC:
Step 1
An end point with an infected application in an End-Point Group (EPG) launches an attack
on your network. The attack is blocked inline by either a Cisco Firepower Next-Generation
Firewall (physical or virtual), a Cisco ASA with FirePOWER Services, or a Cisco FirePOWER
Appliance (physical or virtual).
Step 2
An attack event is generated and sent to the Cisco Firepower Management Center (FMC). The
attack event includes information about the infected end point.
Step 3
The attack event is configured to trigger the remediation module for APIC, which uses the
APIC North-Bound (NB) API to contain the infected end point in the ACI fabric.
Step 4
The APIC quickly contains/quarantines the infected application workload into an isolated
microsegment (uSeg) EPG.
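The following Python sketch illustrates Steps 3 and 4: it turns an attack event into the kind of APIC NB REST request that places the offending IP address in a uSeg EPG. It is an added example, not the remediation module's own code. The event layout, the tenant, application profile and bridge domain names, the EPG naming scheme and the protected-address guard are all assumptions made for illustration.

```python
import ipaddress
import json

# Assumption: addresses that automated remediation must never isolate
# (gateways, the FMC, the APIC). Constructed value for this example.
PROTECTED = [ipaddress.ip_network("10.0.0.0/29")]

def quarantine_request(event, tenant, app_profile, bridge_domain):
    """Return (path, payload) creating a uSeg EPG that matches the event's source IP."""
    # Reject malformed addresses before anything is sent to the fabric.
    ip = ipaddress.ip_address(event["src_ip"])  # raises ValueError if malformed
    if any(ip in net for net in PROTECTED):
        raise PermissionError(f"{ip} is protected; refusing to quarantine")
    tag = str(ip).replace(".", "_").replace(":", "_")
    payload = {"fvAEPg": {
        # isAttrBasedEPg="yes" marks the EPG as a microsegment (uSeg) EPG.
        "attributes": {"name": f"quarantine_{tag}", "isAttrBasedEPg": "yes"},
        "children": [
            {"fvRsBd": {"attributes": {"tnFvBDName": bridge_domain}}},
            # The matching criterion: an IP attribute for the infected end point.
            # No contracts are attached, so the EPG has no permitted traffic.
            {"fvCrtrn": {"attributes": {"name": "default"}, "children": [
                {"fvIpAttr": {"attributes": {"name": f"ip_{tag}", "ip": str(ip)}}},
            ]}},
        ],
    }}
    # POST target: the application profile that will contain the new EPG.
    path = f"/api/mo/uni/tn-{tenant}/ap-{app_profile}.json"
    return path, payload

if __name__ == "__main__":
    # Constructed sample event; 192.0.2.45 is a documentation address.
    sample = {"src_ip": "192.0.2.45", "signature": "constructed-example"}
    path, body = quarantine_request(sample, "ExampleTenant", "ExampleAP", "ExampleBD")
    print("POST", path)
    print(json.dumps(body, indent=2))
```

A real deployment would also need an authenticated APIC session and a domain association on the EPG, both omitted here.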