Manual Signature Update on Firepower 4100 Series

mail2siang
Level 1

Hi, 

Does anyone know if I can still do a manual signature update on the new Firepower 4100 Series?

Accepted Solutions

Marvin Rhoads
Hall of Fame

You can update any FirePOWER devices either manually or on an automated schedule (or not at all - although that compromises your security quite a bit). That includes the 4100 and 2100 series - they are all managed by FirePOWER Management Center (usually) or FirePOWER Devices Manager (seldom, especially for the higher end platforms). FMC is where the updates happen and we deliver them to the sensors via policy deployment.

However, it's a bit more complicated than just "signatures". That's what a classic IPS used.

FirePOWER platforms use a variety of feeds and updates. Off the top of my head, they include Security Intelligence Feeds, Snort Rule updates, Vulnerability database updates, Geolocation updates and URL downloads. There are also cloud-based unknown domain lookups for URL Filtering and SHA-256 lookups for potential malware.

Hi Marvin,

I understand that to receive the updates and feeds, I need to have the FirePOWER Management Center (FMC) connected to an internet connection. Is it possible for me to do a separate system setup (1 standalone FMC connected to the internet and another FMC in the production environment that is without internet access) and download the update from the standalone FMC before copying the update to the FMC in the production environment, or can the updates be downloaded from CISCO.com without an additional FMC?

You can download most (but not all) updates from cisco.com without an additional FMC.

The ones that are available are the GeoDB, Rules Updates, SEU and VDB. They can all be found here:

https://software.cisco.com/download/release.html?mdfid=286259687&flowid=54052&softwareid=286271056&release=GeoDB&relind=AVAILABLE&rellifecycle=&reltype=latest

I don't believe one can manually download and install the Security Intelligence or URL updates. (...and of course cloud-based lookups will not be available.)

How can you do a Sourcefire rule update (SRU) on the 5500-X firewall on the CLI? I meant without ASDM or FMC.

 
