04-03-2017 04:35 AM - edited 03-10-2019 06:48 AM
Hi,
Does anyone know if I can still do a manual signature update on the new Firepower 4100 Series?
04-03-2017 08:51 AM
You can update any FirePOWER devices either manually or on an automated schedule (or not at all - although that compromises your security quite a bit). That includes the 4100 and 2100 series - they are all managed by FirePOWER Management Center (usually) or FirePOWER Device Manager (seldom, especially for the higher-end platforms). FMC is where the updates happen and we deliver them to the sensors via policy deployment.
However, it's a bit more complicated than just "signatures". That's what a classic IPS used.
FirePOWER platforms use a variety of feeds and updates. Off the top of my head, they include Security Intelligence Feeds, Snort Rule updates, Vulnerability database updates, Geolocation updates and URL downloads. There are also cloud-based unknown domain lookups for URL Filtering and SHA-256 lookups for potential malware.
04-03-2017 06:18 PM
Hi Marvin,
I understand that to receive the updates and feeds, I need to have the FirePOWER Management Center (FMC) connected to an internet connection. Is it possible for me to do a separate system setup (1 standalone FMC connected to the internet and another FMC in the production environment that is without internet access) and download the update from the standalone FMC before copying the update to the FMC in the production environment, or can the updates be downloaded from CISCO.com without an additional FMC?
04-04-2017 03:32 AM
You can download most (but not all) updates from cisco.com without an additional FMC.
The ones that are available are the GeoDB, Rules Updates, SEU and VDB. They can all be found here:
https://software.cisco.com/download/release.html?mdfid=286259687&flowid=54052&softwareid=286271056&release=GeoDB&relind=AVAILABLE&rellifecycle=&reltype=latest
I don't believe one can manually download and install the Security Intelligence or URL updates. (...and of course cloud-based lookups will not be available.)
08-31-2018 09:18 AM - edited 08-31-2018 09:25 AM
How can you do a Sourcefire rule update (SRU) on the 5500-X firewall on the CLI? I meant without ASDM or FMC.