Cisco FirePOWER Appliance 7115 Installation Guide

Quick Start Guide - 7000 Series Devices
7000 SERIES
2014-5.3-3
DEPLOYING and CABLING
Deploying the Device
Your device is typically deployed inside a firewall, where it is connected to your trusted management network and the various network segments you want to monitor.

In a simple deployment scenario, you connect the management interface on your device to your trusted management network using an Ethernet cable, then connect the sensing interfaces to the network segments you want to monitor using the appropriate cables (copper or fiber) in either a passive or inline cabling configuration.

The trusted management network (a restricted network protected from unauthorized access) may have a single secure connection to the Internet for security updates and similar functions, but is separate from the rest of your network and is not accessible to hosts used in daily business operations.

You can connect sensing interfaces to different network segments dedicated to particular components of your business that have distinct security requirements, so that you can target policies based on the needs of specific segments. These segments can include the DMZ (outward-facing servers, such as mail, FTP, and web hosts), your internal network (hosts used in daily operation and similar applications), and the core (hosts reserved for critical business assets), and can also include segments dedicated to remote locations, mobile access, or other functions.

How you cable your sensing interfaces determines your configuration options. If you use passive cabling, you can configure passive sensing interfaces. If you use inline cabling, you can create passive, inline, inline with fail-open, virtual switch, virtual router, or hybrid sensing interfaces on your device. For more information on deployment options and interface configurations and how they affect product features, see the Sourcefire 3D System User Guide and the Sourcefire 3D System Installation Guide.
Cabling the Device
You can cable your device to configure passive or inline interfaces, depending on your deployment needs.
Use passive cabling if you want to:
• monitor traffic
• collect information about hosts, operating systems, applications, users, files, networks, and vulnerabilities
Use inline cabling if you want to use the same features as a passive deployment, plus:
• configure a virtual switch, virtual router, or hybrid interface
• perform network address translation (NAT)
• use policies to block traffic based on access control features such as application control, user control, security intelligence, URL dispositions, file control, malware detection, or intrusion prevention
Use the appropriate cables (as indicated by your interface) and cabling diagram for the interface you want to configure, 
then use the web interface on the Defense Center to configure the interfaces.  See Connecting the Sensing Interfaces on 
page 4.