Cisco Cisco Firepower Management Center 2000
1
Firepower System Release Notes
New Features and Functionality
Changed Functionality
The following features have changed functionality in Version 6.1.0:
The system now displays an HTTP response page for connections decrypted by the SSL policy, then blocked (or interactively blocked) either
by access control rules or by the access control policy default action. In these cases, the system encrypts the response page and sends it at the
end of the reencrypted SSL stream.
by access control rules or by the access control policy default action. In these cases, the system encrypts the response page and sends it at the
end of the reencrypted SSL stream.
However, the system does not display a response page for encrypted connections blocked by access control rules (or any other configuration).
Access control rules evaluate encrypted connections if you did not configure an SSL policy, or your SSL policy passes encrypted traffic.
Access control rules evaluate encrypted connections if you did not configure an SSL policy, or your SSL policy passes encrypted traffic.
For example, the system cannot decrypt HTTP/2 or SPDY sessions. If web traffic encrypted using one of these protocols reaches access control
rule evaluation, the system does not display a response page if the session is blocked.You can now force Firepower 8000 Series stacked devices
into maintenance mode when any member of the stack fails. For more information, contact Support.
rule evaluation, the system does not display a response page if the session is blocked.You can now force Firepower 8000 Series stacked devices
into maintenance mode when any member of the stack fails. For more information, contact Support.
Multicast Routing
Everything in terms of multicast routing you could do on ASA firewalls
(PIM and IGMP support) is now supported in Firepower NGFW.
(PIM and IGMP support) is now supported in Firepower NGFW.
Firepower Management Center
64-bit Firepower Management
Center Virtual
Center Virtual
Firepower Threat Defense on
Firepower 4100 Series
Firepower 4100 Series
Firepower Threat Defense on
Firepower 9300 Series
Firepower 9300 Series
Shared NAT
In previous releases, network address translation (NAT) rules could be
configured only for a single device. With the Shared NAT feature, you can
configure NAT policies and choose one or more firewalls to apply them to.
configured only for a single device. With the Shared NAT feature, you can
configure NAT policies and choose one or more firewalls to apply them to.
Firepower Management Center
64-bit Firepower Management
Center Virtual
Center Virtual
Firepower Threat Defense
Firepower Threat Defense
Virtual
Virtual
Fail-to-Wire Netmod
Support
Support
Fail-to-wire interfaces are now available for the Firepower 4100 Series and
9300 appliances. These physical interfaces are required on your appliance.
This feature is also critical for using these Firepower appliances as
standalone IPS deployments
9300 appliances. These physical interfaces are required on your appliance.
This feature is also critical for using these Firepower appliances as
standalone IPS deployments
Firepower Management Center
Firepower Threat Defense on
Firepower 4100 Series
Firepower 4100 Series
Firepower Threat Defense on
Firepower 9300 Series
Firepower 9300 Series
Enhanced Virtualization
Support
Support
The virtual form factor of Firepower Version 6.1 appliances can now run in
KVM virtualized environments, in addition to VMware and AWS (Amazon
Web Services) virtual environments.
KVM virtualized environments, in addition to VMware and AWS (Amazon
Web Services) virtual environments.
64-bit Firepower Management
Center
Center
Firepower Threat Defense
Virtual
Virtual
Unified Command Line
Interface (CLI)
Interface (CLI)
Previously, if you wanted to run ASA commands, you would have to go to
the Diagnostic CLI mode and run ASA commands.With Version 6.1, ASA
commands that are valuable in troubleshooting have been moved to the
Firepower prompt. So when you login (ssh) to your device, you can now
execute these commands right at the Firepower prompt without switching to
the debug CLI.
the Diagnostic CLI mode and run ASA commands.With Version 6.1, ASA
commands that are valuable in troubleshooting have been moved to the
Firepower prompt. So when you login (ssh) to your device, you can now
execute these commands right at the Firepower prompt without switching to
the debug CLI.
Firepower Management Center
64-bit Firepower Management
Center Virtual
Center Virtual
Firepower Threat Defense
Table 5
New Features for Version 6.1: Core Firewall Features (continued)
New Feature
Description
Supported Device Platforms