Cisco Cisco Firepower Management Center 2000
33-22
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Working with Cloud Connections for FireAMP
The comparison report appears. Depending on your browser settings, the report may appear in a pop-up
window, or you may be prompted to save the report to your computer.
window, or you may be prompted to save the report to your computer.
Working with Cloud Connections for FireAMP
License:
Any
FireAMP is Cisco’s enterprise-class advanced malware analysis and protection solution. If your
organization has a FireAMP subscription, individual users install FireAMP Connectors on their
computers and mobile devices. These lightweight agents communicate with the Cisco cloud, which in
turn communicates with the Defense Center. After you configure the Defense Center to connect to the
cloud, you can receive records of scans, malware detections, and quarantines. The records are stored in
the Defense Center database as malware events. For more information, see
organization has a FireAMP subscription, individual users install FireAMP Connectors on their
computers and mobile devices. These lightweight agents communicate with the Cisco cloud, which in
turn communicates with the Defense Center. After you configure the Defense Center to connect to the
cloud, you can receive records of scans, malware detections, and quarantines. The records are stored in
the Defense Center database as malware events. For more information, see
.
Each Defense Center in your deployment can connect to the Cisco cloud. By default, the cloud sends
malware events for all groups within your organization, but you can restrict by group when you configure
the connection.
malware events for all groups within your organization, but you can restrict by group when you configure
the connection.
Internet Access and High Availability
The system uses port 443/HTTPS to connect to the Cisco cloud to receive endpoint-based malware
events. You must open that port, both inbound and outbound, on the Defense Center. Additionally, the
Defense Center must have direct access to the Internet. The default health policy includes the FireAMP
Status Monitor, which warns you if the Defense Center cannot connect to the cloud after an initial
successful connection, or if the connection is deregistered using the FireAMP portal.
events. You must open that port, both inbound and outbound, on the Defense Center. Additionally, the
Defense Center must have direct access to the Internet. The default health policy includes the FireAMP
Status Monitor, which warns you if the Defense Center cannot connect to the cloud after an initial
successful connection, or if the connection is deregistered using the FireAMP portal.
Cloud connections to receive endpoint-based malware events are not shared between members of a high
availability pair. To ensure continuity of operations, connect both the primary and secondary Defense
Centers to the cloud.
availability pair. To ensure continuity of operations, connect both the primary and secondary Defense
Centers to the cloud.
Managing Cloud Connections
Use the Defense Center’s FireAMP Management page (
FireAMP
>
FireAMP
Management
) to view and
create connections to the Cisco cloud or a private cloud, as well as disable and delete those connections.
A spinning state icon indicates that the connection is pending, for example, if you configured the
connection on the Defense Center, but now must authorize the connection using the FireAMP portal. A
failed or denied icon (
connection on the Defense Center, but now must authorize the connection using the FireAMP portal. A
failed or denied icon (
) indicates that the cloud denied the connection or the connection failed for
another reason.
Tip
Click any cloud name to open the FireAMP portal in a new browser window.
For more information, see:
•
•
Creating a Cisco Cloud Connection
License:
Any