Cisco Firepower Management Center 2000 Release Notes

Version 5.2.0.1
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
both the Authentication Header (AH) and Encapsulating Security Payload (ESP) 
security protocols. 
The system supports three types of VPN deployments: point-to-point, star, and 
mesh. 
In a point-to-point VPN deployment, two endpoints communicate directly with 
each other. 
In a star VPN deployment, a central endpoint (hub node) establishes a secure 
connection with multiple remote endpoints (leaf nodes). Star deployments 
commonly represent a VPN that connects an organization’s main and branch 
office locations using secure connections over the Internet or another third-party 
network. Star VPN deployments provide all employees with controlled access to 
the organization’s network. 
In a mesh VPN deployment, all endpoints can communicate with every other 
endpoint by means of an individual VPN tunnel. The mesh deployment offers 
redundancy so that when one endpoint fails, the remaining endpoints can still 
communicate with each other. This type of deployment commonly represents a 
VPN that connects a group of decentralized branch office locations. 
Note that this feature is only available on Series 3 devices. To deploy VPN, you 
must enable Protection, Control, and VPN licenses on each of the managed 
devices used for the VPN. 
Policy-Based NAT
Version 5.2 introduces the ability to create a network address translation (NAT) 
policy. A NAT policy determines how the system performs routing with NAT. 
You can now create and use both static and dynamic NAT rules for further 
flexibility and granular control of NAT configuration. Policy-based NAT supports 
the following types of rules:
• static, which provide one-to-one translations on destination networks and 
  optionally port and protocol
• dynamic IP, which translate many-to-many source networks, but maintain 
  port and protocol
• dynamic IP and port, which translate many-to-one or many-to-many source 
  networks and port and protocol
You can configure NAT policies in different ways to manage specific network 
needs: 
• to expose an internal server to an external network 
• to allow an internal host or server to connect to an external application 
• to hide private network addresses from an external network by using a 
  block of IP addresses 
• to hide private network addresses from an external network using a limited 
  block of IP addresses and port translation
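
A conceptual Python model of the three rule types listed above, added here as an illustration; it is not taken from the release notes or from Sourcefire code. The class names, the addresses (documentation ranges), and the first-free allocation and exhaustion behavior are assumptions.

```python
# Conceptual model only; names, addresses and allocation order are constructed.

class StaticRule:
    """One-to-one destination translation, optionally scoped to protocol and port."""
    def __init__(self, public_ip, private_ip, proto=None, port=None):
        self.public_ip, self.private_ip = public_ip, private_ip
        self.proto, self.port = proto, port

    def translate(self, dst_ip, dst_port, proto):
        in_scope = (dst_ip == self.public_ip
                    and self.proto in (None, proto)
                    and self.port in (None, dst_port))
        return (self.private_ip, dst_port) if in_scope else None


class DynamicIpRule:
    """Source translation: each inside host leases one pool address; port is kept."""
    def __init__(self, pool):
        self.free, self.leases = list(pool), {}

    def translate(self, src_ip, src_port):
        if src_ip not in self.leases:
            if not self.free:
                return None          # pool exhausted: no translation available
            self.leases[src_ip] = self.free.pop(0)
        return (self.leases[src_ip], src_port)


class DynamicIpPortRule:
    """Source translation: each flow gets its own (pool address, port) pair."""
    def __init__(self, pool, ports):
        self.free = [(ip, p) for ip in pool for p in ports]
        self.flows = {}

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.flows:
            if not self.free:
                return None          # address/port pairs exhausted
            self.flows[key] = self.free.pop(0)
        return self.flows[key]


if __name__ == "__main__":
    wide = StaticRule("203.0.113.10", "10.0.0.5")
    scoped = StaticRule("203.0.113.10", "10.0.0.5", proto="tcp", port=443)
    for name, rule in (("unscoped", wide), ("tcp/443 only", scoped)):
        print(name, rule.translate("203.0.113.10", 22, "tcp"))
```

In this model the unscoped static rule forwards port 22 to the internal server while the rule limited to TCP 443 does not, which is why the optional port and protocol fields matter when exposing an internal server.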