Cisco Cisco FirePOWER Appliance 7010
1-8
FireSIGHT System User Guide
Chapter 1 Introduction
FireSIGHT System Appliances
Supported Capabilities by Managed Device Model
Devices are the appliances that handle network traffic; therefore, many FireSIGHT System capabilities
are dependent on the model of your managed devices.
are dependent on the model of your managed devices.
Note that the following table matches the major capabilities of the system with the devices that support
those capabilities, assuming you have the correct licenses installed and applied from the managing
Defense Center.
those capabilities, assuming you have the correct licenses installed and applied from the managing
Defense Center.
Keep in mind that although you can use any model of Defense Center running Version 5.3.1 of the system
to manage any Version 5.3 or Version 5.3.1 device, a few system capabilities are limited by the Defense
Center model. For example, you cannot use the Series 2 DC500 to manage devices performing Security
Intelligence filtering, even if the devices support that capability. For more information, see the
to manage any Version 5.3 or Version 5.3.1 device, a few system capabilities are limited by the Defense
Center model. For example, you cannot use the Series 2 DC500 to manage devices performing Security
Intelligence filtering, even if the devices support that capability. For more information, see the
table.
install a malware storage pack
DC1000, DC3000
yes
no
connect to an eStreamer, host input, or database
client
client
yes
yes
yes
Table 1-2
Supported Capabilities by Defense Center Model (continued)
Feature or Capability
Series 2
Defense Center
Series 3
Defense Center
Virtual
Defense Center
Table 1-3
Supported Capabilities by Managed Device Model
Feature or Capability
Series 2
Device
Series 3
Device
ASA FirePOWER
Virtual
Device
X-Series
network discovery: host, application,
and user
and user
yes
yes
yes
yes
yes
intrusion detection and prevention (IPS) yes
yes
yes
yes
yes
Security Intelligence filtering
no
yes
yes
yes
yes
access control: basic network control
yes
yes
yes
yes
yes
access control: geolocation-based
filtering
filtering
no
yes
yes
yes
no
access control: application control
no
yes
yes
yes
yes
access control: user control
no
yes
yes
yes
yes
access control: literal URLs
no
yes
yes
yes
yes
access control: URL filtering by
category and reputation
category and reputation
no
yes
yes
yes
yes
file control: by file type
yes
yes
yes
yes
yes
network-based advanced malware
protection (AMP)
protection (AMP)
no
yes
yes
yes
yes
Automatic Application Bypass
yes
yes
no
yes
no
fast-path rules
3D9900
8000 Series
no
no
no
strict TCP enforcement
no
yes
no
no
no