Cisco FirePOWER Appliance 8350 Installation Guide
FireSIGHT System Installation Guide
Chapter 4 Setting Up a FireSIGHT System Appliance
Initial Setup Page: Defense Centers
You can add most pre-registered devices (see ) to the Defense Center during the initial setup process. However, if a device and the Defense Center are separated by a NAT device, you must add it after the setup process completes.
When registering devices, leave the Apply Default Access Control Policies check box enabled if you want to automatically apply access control policies to devices upon registration. Note that you cannot choose which policy the Defense Center applies to each device, only whether to apply them. The policy that is applied to each device depends on the detection mode (see ) you chose when configuring the device, as listed in the following table.
An exception occurs if you previously managed a device with a Defense Center and you changed the device’s initial interface configuration. In this case, the policy applied by this new Defense Center page depends on the changed (current) configuration of the device. If there are interfaces configured, the Defense Center applies the Default Intrusion Prevention policy. Otherwise, the Defense Center applies the Default Access Control policy.
To add a device, type its Hostname or IP Address, as well as the Registration Key you specified when you registered the device. Remember this is a simple key that you specified, up to 37 characters in length, and is not the same as a license key.
Then, use the check boxes to add licensed capabilities to the device. You can only select licenses you have already added to the Defense Center; see
Because of architecture and resource limitations, not all licenses can be applied to all managed devices. However, the setup page does not prevent you from enabling unsupported licenses on managed devices, or enabling a capability for which you do not have a model-specific license. This is because the Defense Center does not determine the device model until later. The system cannot enable an invalid license, and attempting to enable an invalid license does not decrement your available license count.
For more information on licensing, including which Defense Centers you can use to apply each license to each device model, see .
Note
If you enabled Apply Default Access Control Policies, you must enable a Protection license on the devices where you chose an Inline or Passive detection mode. You must also enable Protection on any previously managed device that has configured interfaces. Otherwise, the default policy (which requires Protection in those cases) will fail to apply.
After you enable licenses, click Add to save the device’s registration settings and, optionally, add more devices. If you selected the wrong options or mis-typed a device name, click Delete to remove it. You can then re-add the device.
Table 4-2 Default Access Control Policy Applied Per Detection Mode

Detection Mode       Default Access Control Policy
Inline               Default Intrusion Prevention
Passive              Default Intrusion Prevention
Access Control       Default Access Control
Network Discovery    Default Network Discovery
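
A pre-registration check that applies the rules above and Table 4-2 to a planned device list, so a missing Protection license or an over-long registration key is caught before the default policy fails to apply. This is an added example, not part of the Cisco guide or any Cisco tool; the dictionary field names and the sample inventory are assumptions constructed for illustration.

```python
# Added example: field names and the sample inventory are constructed, not Cisco's.
DEFAULT_POLICY = {  # Table 4-2
    "Inline": "Default Intrusion Prevention",
    "Passive": "Default Intrusion Prevention",
    "Access Control": "Default Access Control",
    "Network Discovery": "Default Network Discovery",
}
MAX_KEY_LEN = 37  # registration key limit stated in the guide

def expected_policy(dev):
    """Policy the Defense Center applies when the check box is left enabled."""
    if dev.get("previously_managed") and dev.get("interface_config_changed"):
        # Exception: the current interface configuration decides, not the detection mode.
        if dev.get("interfaces_configured"):
            return "Default Intrusion Prevention"
        return "Default Access Control"
    return DEFAULT_POLICY[dev["detection_mode"]]

def needs_protection(dev):
    """Inline/Passive devices and previously managed devices with interfaces need Protection."""
    return (dev["detection_mode"] in ("Inline", "Passive")
            or bool(dev.get("previously_managed") and dev.get("interfaces_configured")))

def preflight(dev, apply_default_policies=True):
    """Return (expected policy or None, list of problems) for one planned registration."""
    problems = []
    if dev.get("behind_nat"):
        problems.append("separated by NAT: add after initial setup completes")
    if not 1 <= len(dev["registration_key"]) <= MAX_KEY_LEN:
        problems.append("registration key empty or longer than %d characters" % MAX_KEY_LEN)
    if dev["detection_mode"] not in DEFAULT_POLICY:
        return None, problems + ["unknown detection mode"]
    if not apply_default_policies:
        return None, problems
    if needs_protection(dev) and "Protection" not in dev.get("licenses", ()):
        problems.append("Protection license missing: default policy will fail to apply")
    return expected_policy(dev), problems

PLANNED = [  # constructed sample inventory
    {"name": "sensor-a", "detection_mode": "Inline", "registration_key": "k1", "licenses": ["Protection"]},
    {"name": "sensor-b", "detection_mode": "Passive", "registration_key": "k2", "licenses": []},
    {"name": "sensor-c", "detection_mode": "Network Discovery", "registration_key": "k3",
     "previously_managed": True, "interface_config_changed": True, "interfaces_configured": True},
]

if __name__ == "__main__":
    for d in PLANNED:
        print(d["name"], *preflight(d))
```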