Cisco Firepower 4120 Security Appliance
Configuring Advanced Parameters in the DefensePro
Device-Security Setup
Access to devices can be limited to specified physical interfaces. Interfaces connected to insecure network
segments can be configured to discard some or all management traffic directed at the device itself. Administrators
can allow certain types of management traffic to a device (for example, SSH), while denying others such as
SNMP. If an intruder attempts to access the device through a disabled port, the device denies access, and
generates syslog and CLI traps as notification.
To configure access permissions for a selected device
1. In the Configuration perspective, select Setup > Device Security > Advanced.
2. To edit permissions for a port, double-click the relevant row.
3. Select or clear the checkboxes to allow or deny access, and then click Submit.
Table 28: Port Permission Parameters
Parameter        Description
Port             (Read-only) The name of the physical port.
SNMP Access      When selected, allows access to the port using SNMP.
Telnet Access    When selected, allows access to the port using Telnet.
SSH Access       When selected, allows access to the port using SSH.
Web Access       When selected, allows access to the port using WBM.
SSL Access       When selected, allows access to the port using SSL.
Configuring Port Pinging
You can define which physical interfaces can be pinged. When a ping is sent to an interface for which ping is not
allowed, the packet is discarded. By default, all the interfaces of the device allow pings.
To define the ports to be pinged
1. In the Configuration perspective, select Setup > Device Security > Advanced > Ping Ports.
2. To edit port ping settings, double-click the relevant row.
3. Select or clear the checkbox to allow or not allow pinging, then click Submit.
Configuring Authentication Protocols for Device Management
This section comprises the following:
• Configuring RADIUS Authentication for Device Management
DefensePro provides additional security by authenticating the users who access a device for management
purposes. With RADIUS authentication, you can use RADIUS servers to determine whether a user is allowed to
access device management using the CLI, Telnet, SSH or Web Based Management. You can also select whether
to use the device Local User Table when RADIUS servers are not available.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.