Cisco Cisco Firepower Management Center 2000
4
FireSIGHT System Release Notes
New Features and Functionality
Tip:
Cisco documentation may refer to the Defense Center as the FireSIGHT Management Center. The Defense Center
and the FireSIGHT Management Center are the same appliance.
Features and Functionality Introduced in Previous Versions
The following features and functionality were updated in Version 5.4.1:
The system now clears all intrusion policy locks when you upload intrusion rules or install intrusion rule updates.
FirePOWER Services Management Capabilities
Centralized Management of Cisco ASA5506-X with FirePOWER Services
The Defense Center is now able to manage FirePOWER Services (ASA FirePOWER devices) implementations running on
ASA5506-X devices in the same way it does on all of the other ASA5500-X devices. This enables the management of
multiple ASA5506-X devices running ASA FirePOWER devices from a single Defense Center, as long as the ASA
platform is running Version 9.3.1 or later and the ASA FirePOWER device is running Version 5.4.1 or later. Administrators
will be able to configure intrusion detection and prevention policies, advanced malware protection, application control,
user and group control, file control, and URL filtering and then apply those configurations to multiple ASA5506-X devices
all at once. In addition, Defense Centers provide critical dashboards, event views, alerting capabilities, and reporting from
all of your ASA FirePOWER devices in a single view.
ASA5506-X devices in the same way it does on all of the other ASA5500-X devices. This enables the management of
multiple ASA5506-X devices running ASA FirePOWER devices from a single Defense Center, as long as the ASA
platform is running Version 9.3.1 or later and the ASA FirePOWER device is running Version 5.4.1 or later. Administrators
will be able to configure intrusion detection and prevention policies, advanced malware protection, application control,
user and group control, file control, and URL filtering and then apply those configurations to multiple ASA5506-X devices
all at once. In addition, Defense Centers provide critical dashboards, event views, alerting capabilities, and reporting from
all of your ASA FirePOWER devices in a single view.
Direct Management of Cisco ASA5506-X with FirePOWER Services
Cisco’s Adaptive Security Device Manager (ASDM) can be used to perform the same ASA FirePOWER management
functions listed above, but only on one ASA5506-X device at a time. In addition, you can manage system policies,
licensing, and back up and restore directly.
functions listed above, but only on one ASA5506-X device at a time. In addition, you can manage system policies,
licensing, and back up and restore directly.
Management Limitations of Cisco ASA with FirePOWER Services
At the current time, the Cisco ASA FirePOWER product consists of two different products tightly integrated with each
other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data
sharing between the two has been accomplished, a unified management platform is still in development.
other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data
sharing between the two has been accomplished, a unified management platform is still in development.
For this reason, the Cisco ASA functionality is currently managed through the Cisco Security Manager (CSM) or the
Adaptive Security Device Manager (ASDM), and the FirePOWER Services functionality is managed through the Cisco
Defense Center. As a result, the Defense Center does not support any of the following capabilities:
Adaptive Security Device Manager (ASDM), and the FirePOWER Services functionality is managed through the Cisco
Defense Center. As a result, the Defense Center does not support any of the following capabilities:
Cisco Adaptive Security Appliance (ASA)
ASA device
Refers to the Cisco ASA hardware
Cisco ASA with FirePOWER Services
Refers to ASA devices with the ASA FirePOWER module installed
ASA FirePOWER module
Refers to the hardware and software modules installed on compatible ASA
devices
devices
ASA software
Refers to the base software installed on Cisco ASA devices
Adaptive Security Device Management
(ASDM)
(ASDM)
Refers to the Adaptive Security Device Manager used to manage ASA
functionality
functionality
Direct management
Refers to management of the ASA FirePOWER module on the ASA5506-X using
ASDM
ASDM
Centralized management
Refers to management of the ASA FirePOWER module on the ASA5506-X using
a FireSIGHT Defense Center
a FireSIGHT Defense Center
Table 1
Changes to Terminology (continued)
Version 5.4.0.2 and Version 5.4.1.1
Terminology
Terminology
Description