Cisco Cisco FirePOWER Appliance 7010
6-17
FireSIGHT System User Guide
Chapter 6 Managing Devices
Working with Devices
Step 5
In the
Registration Key
field, type the same registration key that you used when you configured the device
to be managed by the Defense Center.
Step 6
Optionally, add the device to a device group by selecting the group from the
Group
drop-down list.
For more information about device groups, see
Step 7
From the
Access Control Policy
drop-down list, select an initial policy to apply to the device:
•
The
Default Access Control
policy blocks all traffic from entering your network.
•
The
Default Intrusion Prevention
policy allows all traffic that is also passed by the Balanced Security
and Connectivity intrusion policy.
•
The
Default Network Discovery
policy allows all traffic, which is inspected by network discovery only.
•
You can select any existing user-defined access control policy.
For more information, see
Step 8
Select licenses to apply to the device. Note that:
•
Control, Malware, and URL Filtering licenses require a Protection license.
•
You cannot enable a VPN license on a virtual device, Sourcefire Software for X-Series, or
ASA FirePOWER device.
ASA FirePOWER device.
•
Although you can enable a Control license on a virtual device, Sourcefire Software for X-Series, or
ASA FirePOWER device, these devices do not support fast-path rules, switching, routing, stacking,
or clustering.
ASA FirePOWER device, these devices do not support fast-path rules, switching, routing, stacking,
or clustering.
•
You cannot change the license settings on clustered devices.
•
For stacked devices, you enable or disable the licenses for the stack on the Stack page of the
appliance editor.
appliance editor.
•
When you register a Series 2 device, any licenses you select are not applied upon device registration.
Series 2 devices automatically have Protection capabilities, with the exception of Security
Intelligence filtering. You cannot disable these capabilities, nor can you apply other licenses to a
Series 2 device.
Series 2 devices automatically have Protection capabilities, with the exception of Security
Intelligence filtering. You cannot disable these capabilities, nor can you apply other licenses to a
Series 2 device.
For more information, see
Step 9
If you used a NAT ID to identify the device when you configured it to be managed by the Defense Center,
expand the
expand the
Advanced
section and enter the same NAT ID in the
Unique NAT ID
field.
Step 10
To allow the device to transfer packets to the Defense Center, select the
Transfer Packets
check box.
This option is enabled by default. If you disable it, you completely prohibit packet transfer to the
Defense Center.
Defense Center.
Step 11
Click
Register
.
The device is added to the Defense Center. Note that it may take up to two minutes for the Defense
Center to verify the device’s heartbeat and establish communication.
Center to verify the device’s heartbeat and establish communication.
Applying Changes to Devices
License:
Any
After you make changes to the configuration of a device, a device cluster, or a device stack, you must
apply the changes before they take effect throughout the system. Note that the device must have
unapplied changes or this option remains disabled.
apply the changes before they take effect throughout the system. Note that the device must have
unapplied changes or this option remains disabled.