Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Before You Begin: Important Update and Compatibility Notes
11
Policy Hierarchy and Inheritance
To support multiple domain management and make policy administration more efficient, Version 6.0 provides the
ability to create a hierarchy of policies. Global policies (e.g., access control) can be established that will apply to
all management environments. A policy hierarchy can then be constructed underneath the global policy level to
represent different environments, different companies, different business units, or different parts of the
organization. Each of these policy environments will inherit the policies of the hierarchy above it, allowing for more
consistent and efficient policy management.
ability to create a hierarchy of policies. Global policies (e.g., access control) can be established that will apply to
all management environments. A policy hierarchy can then be constructed underneath the global policy level to
represent different environments, different companies, different business units, or different parts of the
organization. Each of these policy environments will inherit the policies of the hierarchy above it, allowing for more
consistent and efficient policy management.
Expanded ASDM Management Availability
Cisco’s Adaptive Security Device Manager (ASDM) is the local management feature for Cisco ASA with
FirePOWER Services. It was introduced as part of the Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X
appliances. With Firepower v6.0, ASDM is now available on the remaining Cisco ASA with FirePOWER Services
appliances (ASA 5512-X / ASA 5515-X / ASA 5525-X / ASA 5545-X / ASA 5555-X / ASA 5585-X).
FirePOWER Services. It was introduced as part of the Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X
appliances. With Firepower v6.0, ASDM is now available on the remaining Cisco ASA with FirePOWER Services
appliances (ASA 5512-X / ASA 5515-X / ASA 5525-X / ASA 5545-X / ASA 5555-X / ASA 5585-X).
You cannot compare policies on the following pages: the NAT Policy page, the Platform Settings page, and
the SSL Policy page.
the SSL Policy page.
Version 6.0 does not support AMP for Firepower signature lookups with the private AMP cloud. In Version 6.0,
the system automatically submits SHA-256 signatures to the public AMP cloud. If you have a private AMP
cloud and are receiving events from endpoints, the Version 6.0 Firepower Management Center will continue
to receive those events without any additional changes to your configuration.
the system automatically submits SHA-256 signatures to the public AMP cloud. If you have a private AMP
cloud and are receiving events from endpoints, the Version 6.0 Firepower Management Center will continue
to receive those events without any additional changes to your configuration.
Syslog messages for connection events now populate information for the following fields: HTTP Referrer, User
Agent, and Referenced Host.
Agent, and Referenced Host.
Version 6.0 does not support Discovery Event Health Monitoring.)
You can now edit Automatic Application Bypass (AAB) settings on Cisco ASA with FirePOWER Services.
Before You Begin: Important Update and Compatibility
Notes
Notes
Before you begin the update process for Version 6.0.1, you should familiarize yourself with the behavior of the
system during the update process, as well as with any compatibility issues or required pre- or post-update
configuration changes.
system during the update process, as well as with any compatibility issues or required pre- or post-update
configuration changes.
Note:
To reduce the time to update to Version 6.0.1, install the Version 6.0.1 Pre-Installation Package before you
update. For more information, see the FireSIGHT System Release Notes for Version 6.0.1 Pre-Installation Package.
Caution:
Cisco strongly recommends you perform the update in a maintenance window or at a time when the
interruption will have the least impact on your deployment.
For more information, see the following sections: