Cisco Cisco Firepower 9300 Security Appliance 설치 가이드
1
Cisco Systems, Inc.
www.cisco.com
Cisco Firepower Threat Defense for
Firepower 9300 Quick Start Guide
Firepower 9300 Quick Start Guide
First Published:
March 10, 2016
1. About Firepower Threat Defense Security Services
The Cisco Firepower 9300 security appliance is a next-generation platform for network and content security
solutions. Its modular standalone chassis offers high-performance and flexible I/O options that enables it to run
multiple security services simultaneously. The Firepower 9300 security appliance can include up to three security
modules running Firepower Threat Defense.
solutions. Its modular standalone chassis offers high-performance and flexible I/O options that enables it to run
multiple security services simultaneously. The Firepower 9300 security appliance can include up to three security
modules running Firepower Threat Defense.
Firepower Threat Defense provides next-generation firewall services, including stateful firewalling, routing,
Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and
Advanced Malware Protection (AMP). You can use a Threat Defense device in single context mode, and in routed
or transparent mode.
Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and
Advanced Malware Protection (AMP). You can use a Threat Defense device in single context mode, and in routed
or transparent mode.
How Firepower Threat Defense Works with the Firepower 9300
The Firepower 9300 security appliance runs its own operating system on the supervisor called the Firepower
eXtensible Operating System (FXOS). The Firepower Chassis Manager provides simple, GUI-based management
capabilities. You can configure hardware interface settings, smart licensing, and other basic operating parameters
on the supervisor using the Firepower Chassis Manager web interface or CLI.
eXtensible Operating System (FXOS). The Firepower Chassis Manager provides simple, GUI-based management
capabilities. You can configure hardware interface settings, smart licensing, and other basic operating parameters
on the supervisor using the Firepower Chassis Manager web interface or CLI.
All physical interface operations are owned by the supervisor, including establishing external EtherChannels. You
can assign interfaces to a logical device running Firepower Threat Defense. Three types of interfaces are
supported: Data, Management, and Firepower Eventing. Only Management interfaces can be shared across
modules. The Firepower Eventing interface is dedicated to carrying only event traffic. You can assign interfaces to
the Firepower 9300 with Firepower Threat Defense either at the time of deployment or later as needed. These
interfaces use the same IDs in the supervisor as in the Firepower 9300 with Firepower Threat Defense
configuration.
can assign interfaces to a logical device running Firepower Threat Defense. Three types of interfaces are
supported: Data, Management, and Firepower Eventing. Only Management interfaces can be shared across
modules. The Firepower Eventing interface is dedicated to carrying only event traffic. You can assign interfaces to
the Firepower 9300 with Firepower Threat Defense either at the time of deployment or later as needed. These
interfaces use the same IDs in the supervisor as in the Firepower 9300 with Firepower Threat Defense
configuration.
When you deploy the Firepower 9300 with Firepower Threat Defense, the supervisor downloads an application
image of your choice, and establishes a default configuration. You can deploy the Firepower 9300 with Firepower
Threat Defense as either a standalone logical device, or as a cluster of Firepower Threat Defense modules. When
you use clustering, all modules in the chassis must belong to the cluster. Only intra-chassis clustering is supported.
image of your choice, and establishes a default configuration. You can deploy the Firepower 9300 with Firepower
Threat Defense as either a standalone logical device, or as a cluster of Firepower Threat Defense modules. When
you use clustering, all modules in the chassis must belong to the cluster. Only intra-chassis clustering is supported.
You must install Firepower Threat Defense software on all modules in the chassis; different software types are not
supported at this time. Note that modules can run different versions of the Firepower Threat Defense application,
but all modules must run Firepower Threat Defense.
supported at this time. Note that modules can run different versions of the Firepower Threat Defense application,
but all modules must run Firepower Threat Defense.
Firepower Management Center Support and CLI Access
When you deploy the Firepower 9300 with Firepower Threat Defense, you can specify a management interface
and registration information for the managing Firepower Management Center to allow for Firepower Management
Center access. You register Firepower Threat Defense devices as you would any managed device, and you can do
and registration information for the managing Firepower Management Center to allow for Firepower Management
Center access. You register Firepower Threat Defense devices as you would any managed device, and you can do