Cisco Cisco Firepower Management Center 2000 發佈版本通知
4
FireSIGHT System Release Notes
New Features and Functionality
Direct Management of Cisco ASA with FirePOWER Services
Cisco’s Adaptive Security Device Manager (ASDM) can be used to perform the same ASA FirePOWER management
functions listed above, but only on one ASA device at a time (the ASA5506-X, ASA5506W-X, ASA5506H-X,
ASA5508-X, and ASA5516-X devices). In addition, you can manage system policies, licensing, and back up and restore
directly.
functions listed above, but only on one ASA device at a time (the ASA5506-X, ASA5506W-X, ASA5506H-X,
ASA5508-X, and ASA5516-X devices). In addition, you can manage system policies, licensing, and back up and restore
directly.
Management Limitations of Cisco ASA with FirePOWER Services
At the current time, the Cisco ASA FirePOWER product consists of two different products tightly integrated with each
other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data
sharing between the two has been accomplished, a unified management platform is still in development.
other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data
sharing between the two has been accomplished, a unified management platform is still in development.
For this reason, the Cisco ASA functionality is currently managed through the Cisco Security Manager (CSM) or the
Adaptive Security Device Manager (ASDM), and the FirePOWER Services functionality is managed through the Cisco
Defense Center. As a result, the Defense Center does not support any of the following capabilities:
Adaptive Security Device Manager (ASDM), and the FirePOWER Services functionality is managed through the Cisco
Defense Center. As a result, the Defense Center does not support any of the following capabilities:
Cisco ASA hardware-based features, including clustering, stacking, switching, routing, virtual private networks
(VPN), and network address translation (NAT).
(VPN), and network address translation (NAT).
Configuring ASA interfaces. In addition, when FirePOWER Services are deployed in SPAN port mode, any ASA
interfaces that have been configured will not be displayed.
interfaces that have been configured will not be displayed.
Shutting down, restarting or otherwise managing ASA processes.
Creating or restoring backups from ASA devices.
Writing access control rules to match traffic using VLAN tag conditions.
Note:
The ASA platform provides these features, configured using the ASA command line interface (CLI) and ASDM. For
more information, see the ASA FirePOWER module documentation.
Version 5.4.1:
FirePOWER Services Management Capabilities
Centralized Management of Cisco ASA5506-X with FirePOWER Services
The Defense Center is now able to manage FirePOWER Services (ASA FirePOWER devices) implementations running on
ASA5506-X devices in the same way it does on all of the other ASA5500-X devices. This enables the management of
multiple ASA5506-X devices running ASA FirePOWER devices from a single Defense Center, as long as the ASA
platform is running Version 9.3.1 or later and the ASA FirePOWER device is running Version 5.4.1 or later. Administrators
will be able to configure intrusion detection and prevention policies, advanced malware protection, application control,
user and group control, file control, and URL filtering and then apply those configurations to multiple ASA5506-X devices
all at once. In addition, Defense Centers provide critical dashboards, event views, alerting capabilities, and reporting from
all of your ASA FirePOWER devices in a single view.
ASA5506-X devices in the same way it does on all of the other ASA5500-X devices. This enables the management of
multiple ASA5506-X devices running ASA FirePOWER devices from a single Defense Center, as long as the ASA
platform is running Version 9.3.1 or later and the ASA FirePOWER device is running Version 5.4.1 or later. Administrators
will be able to configure intrusion detection and prevention policies, advanced malware protection, application control,
user and group control, file control, and URL filtering and then apply those configurations to multiple ASA5506-X devices
all at once. In addition, Defense Centers provide critical dashboards, event views, alerting capabilities, and reporting from
all of your ASA FirePOWER devices in a single view.
Direct Management of Cisco ASA5506-X with FirePOWER Services
Cisco’s Adaptive Security Device Manager (ASDM) can be used to perform the same ASA FirePOWER management
functions listed above, but only on one ASA5506-X device at a time. In addition, you can manage system policies,
licensing, and back up and restore directly.
functions listed above, but only on one ASA5506-X device at a time. In addition, you can manage system policies,
licensing, and back up and restore directly.
Management Limitations of Cisco ASA with FirePOWER Services
At the current time, the Cisco ASA FirePOWER product consists of two different products tightly integrated with each
other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data
sharing between the two has been accomplished, a unified management platform is still in development.
other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data
sharing between the two has been accomplished, a unified management platform is still in development.