Cisco Cisco FirePOWER Appliance 7020
6-7
FireSIGHT System User Guide
Chapter 6 Managing Devices
Configuring High Availability
•
change reconciliation snapshots and report settings
•
intrusion rule, geolocation database (GeoDB), and vulnerability database (VDB) updates
Health and System Policies
License:
Any
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
Health and system policies for Defense Centers and managed devices are shared in high availability
pairs. Allow enough time to ensure that information about health policies, modules, blacklists, is
synchronized on a newly activated Defense Center.
pairs. Allow enough time to ensure that information about health policies, modules, blacklists, is
synchronized on a newly activated Defense Center.
Note
Although system policies are shared by Defense Centers in a high availability pair, they are not
automatically applied. If you want identical system policies on both Defense Centers, apply the policy
after it synchronizes.
automatically applied. If you want identical system policies on both Defense Centers, apply the policy
after it synchronizes.
Defense Centers in a high availability pair share the following system and health policy information:
•
system policies
•
system policy configurations (what policy is applied where)
•
health policies
•
health monitoring configurations (what policy is applied where)
•
which appliances are blacklisted from health monitoring
•
which appliances have individual health monitoring policies blacklisted
Correlation Responses
License:
Any
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
Although Defense Centers share correlation policies, rules, and responses, Defense Centers do not share
the associations between correlation rules and their responses. This is to avoid launching duplicate
responses when correlation policies are violated.
the associations between correlation rules and their responses. This is to avoid launching duplicate
responses when correlation policies are violated.
You must upload and install any custom remediation modules and configure remediation instances on
your secondary Defense Center before remediations are available to associate with correlation policies.
If the primary Defense Center fails, not only should you quickly associate your correlation policies with
the appropriate responses and remediations on the secondary Defense Center, but you must also use the
web interface on the secondary Defense Center to promote it to Active
your secondary Defense Center before remediations are available to associate with correlation policies.
If the primary Defense Center fails, not only should you quickly associate your correlation policies with
the appropriate responses and remediations on the secondary Defense Center, but you must also use the
web interface on the secondary Defense Center to promote it to Active
to maintain continuity of
operations. For more information, see
. For
more information about correlation responses, see
and
When you restore your primary Defense Center after a failure, if you created associations between rules
or white lists and their responses and remediations on the secondary Defense Center, make sure you
remove the associations so responses and remediations will only be generated by the primary Defense
Center.
or white lists and their responses and remediations on the secondary Defense Center, make sure you
remove the associations so responses and remediations will only be generated by the primary Defense
Center.