Cisco ASA 5555-X Adaptive Security Appliance Installation Guide

About the Cisco Firepower Management Center Remediation Module for ACI
With the Cisco Firepower Management Center Remediation Module for ACI, when an attack on your 
network is detected by the Firepower Management Center 6.1 or FireSIGHT Management Center 
5.4.x, the offending end point can now be completely quarantined in the Application Policy 
Infrastructure Controller (APIC) so that no further traffic is allowed to go in or out of that end point. 
The following illustration shows the relationship between the Firepower Management Center and the 
APIC when the Remediation Module is installed.
The illustration above shows the following process of quarantining a network attack in the APIC:
Step 1
An end point with an infected application in an End-Point Group (EPG) launches an attack 
on your network. The attack is blocked inline by either a Cisco Firepower Next-Generation 
Firewall (physical or virtual), a Cisco ASA with FirePOWER Services, or a Cisco FirePOWER 
Appliance (physical or virtual). 
Step 2
An attack event is generated and sent to the Cisco Firepower Management Center (FMC). The 
attack event includes information about the infected end point.
Step 3
The attack event is configured to trigger the remediation module for APIC, which uses the 
APIC North-Bound (NB) API to contain the infected end point in the ACI fabric.
Step 4
The APIC quickly contains/quarantines the infected application workload into an isolated 
microsegment (uSeg) EPG.
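
The following added example (not code from Cisco or from the remediation module) sketches what Steps 3 and 4 amount to: mapping an attack event's source address to an APIC REST request that defines an IP-attribute uSeg EPG with no contracts. The tenant, application profile, EPG and bridge domain names, the event field `src_ip` and the protected-address list are assumptions; authentication and the EPG's domain association are omitted.

```python
import ipaddress

# Hypothetical names; a real fabric has its own tenant/app profile/BD.
TENANT = "ExampleTenant"
APP_PROFILE = "ExampleApp"
QUARANTINE_EPG = "quarantine-useg"
BRIDGE_DOMAIN = "ExampleBD"
# Constructed never-quarantine list (e.g. gateway), so a spoofed or
# misattributed event cannot isolate critical infrastructure.
PROTECTED = {ipaddress.ip_address("10.0.0.1")}

def validate_endpoint(raw_ip):
    """Parse the event address; raise ValueError if it must not be quarantined."""
    ip = ipaddress.ip_address(raw_ip.strip())
    if ip.is_unspecified or ip.is_multicast or ip.is_loopback:
        raise ValueError(f"{ip} is not a quarantinable host address")
    if ip in PROTECTED:
        raise ValueError(f"{ip} is on the protected list")
    return ip

def is_quarantinable(raw_ip):
    """Boolean wrapper around validate_endpoint for pre-checks."""
    try:
        validate_endpoint(raw_ip)
        return True
    except ValueError:
        return False

def build_quarantine_request(event):
    """Return (url_path, payload) describing a uSeg EPG matching the end point's IP."""
    ip = validate_endpoint(event["src_ip"])
    attr_name = "q-" + str(ip).replace(".", "-").replace(":", "-")
    path = f"/api/mo/uni/tn-{TENANT}/ap-{APP_PROFILE}/epg-{QUARANTINE_EPG}.json"
    payload = {"fvAEPg": {
        # isAttrBasedEPg marks the EPG as a microsegment (uSeg) EPG;
        # pcEnfPref=enforced also isolates quarantined end points from each other.
        "attributes": {"name": QUARANTINE_EPG, "isAttrBasedEPg": "yes",
                       "pcEnfPref": "enforced"},
        "children": [
            {"fvRsBd": {"attributes": {"tnFvBDName": BRIDGE_DOMAIN}}},
            # No contracts are attached, so nothing may enter or leave the EPG.
            {"fvCrtrn": {"attributes": {"name": "default"}, "children": [
                {"fvIpAttr": {"attributes": {"name": attr_name, "ip": str(ip)}}}]}},
        ]}}
    return path, payload

if __name__ == "__main__":
    import json
    print(json.dumps(build_quarantine_request({"src_ip": "10.0.0.57"}), indent=2))
```

The payload would be sent as an authenticated POST to the APIC at the returned path; the validation step runs first so that an event carrying a gateway, multicast or malformed address never reaches the fabric.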