Cisco Cisco AMP Threat Grid 5000 Appliance Guide De Montage
Cisco AMP Threat Grid Appliance Setup and Configuration Guide
PLANNING
PLANNING
5
http://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-
servers/C220M3_SFF_SpecSheet.pdf
servers/C220M3_SFF_SpecSheet.pdf
Cisco has a power/cooling calculator, which you may also find useful:
https://mainstayadvisor.com/Go/Cisco/Cisco-UCS-Power-Calculator.aspx
Network Requirements
The Threat Grid Appliance requires three networks:
ADMIN - The "Administrative" network. Must be configured in order to perform the appliance setup.
CLEAN - The "Clean" network is used for inbound, trusted traffic to the appliance (requests). This includes
integrated appliances. For example, the Cisco Email Security appliances and Web Security appliances
(ESA/WSA) connect to the IP address of the Clean interface.
integrated appliances. For example, the Cisco Email Security appliances and Web Security appliances
(ESA/WSA) connect to the IP address of the Clean interface.
Note:
The following specific, restricted kinds of network traffic can be outbound from Clean:
•
Remote syslog connections
•
Email messages sent by the Threat Grid Appliance itself
•
Disposition Update Service connections to FireAMP Private Cloud devices
•
DNS requests related to any of the above
DIRTY - The "Dirty" network is used for outbound traffic from the appliance (including malware traffic).
Note:
We recommend using a dedicated external IP address (i.e., the "Dirty" interface) that is different from your
corporate IP, in order to protect your internal network assets.
For network interface setup information, see Network Interfaces, and Network Interface Connections Setup.
DNS Server Access
The DNS server used for purposes other than Disposition Update Service lookups, resolving remote syslog
connections, and resolving the mail server used for notifications from the Threat Grid software itself needs to be
accessible via the dirty network.
connections, and resolving the mail server used for notifications from the Threat Grid software itself needs to be
accessible via the dirty network.
By default, DNS uses the Dirty interface. The Clean interface is used for FireAMP Private Cloud integrations. If
the FireAMP Private Cloud hostname cannot be resolved over the Dirty interface, then a separate DNS server
that uses the Clean interface can be configured in the OpAdmin interface.
the FireAMP Private Cloud hostname cannot be resolved over the Dirty interface, then a separate DNS server
that uses the Clean interface can be configured in the OpAdmin interface.
See the Threat Grid Appliance Administrator’s Guide for additional information.
NTP Server Access
The NTP server needs to be accessible via the Dirty network.
Integrations – ESA/WSA/FireAMP etc.
Additional planning may be required if the Threat Grid Appliance is going to be used with other Cisco products,
such as ESA/WSA appliances, FireAMP Private Cloud, etc.
such as ESA/WSA appliances, FireAMP Private Cloud, etc.