Cisco Cisco FirePOWER Appliance 7020
Version 5.2.0.6
Sourcefire 3D System Release Notes
41
Features Introduced in Previous Versions
or unregister any device in a clustered stack with a Defense Center, the entire
clustered stack is registered or unregistered as a group.
All Series 3 devices that support stacking are supported for this feature. However,
All Series 3 devices that support stacking are supported for this feature. However,
stacked 3D9900 devices are not supported.
Drop BPDUs Support
The drop Bridge Protocol Data Units (BPDUs) configuration added in Version 5.2
allows you to set up an inline configuration that operates over a single physical
link. You can now configure a virtual switch with two logical interfaces; each
interface must have a different configured VLAN tag. Additionally, on a third-party
switch or other supported device, you must configure two VLANs and two logical
interfaces; each interface must be in a different VLAN but configured on the same
physical port.
Series 2 Device Reimaging
Series 2 appliances are the second series of Sourcefire physical appliances, which
includes the following appliance models:
•
3D500/1000/2000
•
3D2100/2500/3500/4500
•
3D6500
•
3D9900
•
DC500/1000/3000
Version 5.2.0.6 of the Sourcefire 3D System can now run on Series 2 appliances.
Previously, Series 2 devices supported only 4.x versions of the Sourcefire 3D
System. Note that Series 2 devices running Version 5.2.0.6 must be managed by
a Defense Center; they no longer have standalone capabilities. For more
information, see the Sourcefire 3D System User Guide.
To update any Series 2 appliance to Version 5.2.0.6 from Version 4.x, you must
information, see the Sourcefire 3D System User Guide.
To update any Series 2 appliance to Version 5.2.0.6 from Version 4.x, you must
reimage the appliance, which discards all events and configuration data stored on
those appliances. For more information about reimaging, see the Sourcefire 3D
System Installation Guide.
Geolocation
The geolocation feature enhances Sourcefire 3D System analysis tools with data
about the geographical sources of routable IP addresses (the country, continent,
and so on). You can use this data to determine if, for example, connections
originate from or terminate in countries unconnected with your organization.
Geolocation information is available in intrusion events, connection events, file
Geolocation information is available in intrusion events, connection events, file
events, malware events, host profiles, and user profiles. The Context Explorer
and the dashboard can also now include geolocation information.
After you install a geolocation database (GeoDB) update, you can view granular
After you install a geolocation database (GeoDB) update, you can view granular
information available for an IP address, such as postal code, coordinates, time