For all of you out there eager to upgrade their lab environments (or brave enough to upgrade to a new software release a few hours after release), Firepower 6.2.3 has just been released and brings some interesting and long awaited changes...
Some features worth noting:
SSL Hardware Acceleration
FPR4100/9300 can make use of their built in crypto chips for ssl encryption and decryption
Firepower Management Center REST API Improvements CRUD Operations for NAT, Static Routing, and HA Bundling
Upgrade Package Push Download updates to your sensors before maintenance windows... Saves a lot of time in case you have some low bandwidth links
Policy Deploy Restart Improvements Less snort restarts during policy deployments, leading to more smoother policy deployments
Firepower Device Manager REST API FTD now includes an API browser and a large set of CRUD operations
Direct Upgrade from 6.1.x (!) Starting with version 6.1.0 you can directly upgrade to 6.2.3. No need to go through many time consuming upgrades (upgrade times should also be greatly enhanced, but we'll see :)
Apart from some other enhancements there have been 207 bug fixes and minor changes in default behavior. For a full list of changes check out the release notes:
The Upgrade was pulled of the cisco download site due to a bug that basically changed your ips variable set when you were using objects in it. An updated upgrade package should be available on monday, 2nd of april.
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 184.108.40.206Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 220.127.116.11R1(config-ikev2-keyring-pee...
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al...
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...