Here are some commonly asked questions and answers to help with your adoption of Cisco Secure Firewall. Subscribe (how-to) to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
Q. What are the important updates in Firepower 7.0?
A. The Snort 3 inspection engine is released. It is more efficient and provides better performance and scalability than Snort 2. See the release notes for more information about Snort 3 and other new features: Cisco Firepower Release Notes, Version 7.0.0/7.0.x.
Q. Do I have to purchase a URL license to use the URL list in Security Intelligence?
A. No, the Security Intelligence feature is covered by the Threat license.
Q. Is there an intention to further integrate Umbrella in the roadmap, as that would make App and URL filtering central to Umbrella rather than on a device-by-device basis on FTD deployments?
A. The best integration between Umbrella and Firepower can be achieved with SecureX. From that web console, it's possible to have events and visibility from both solutions.
Q. Does the Firepower Management Center require a license?
A. Firewall Management Center physical or virtual appliances running version 6.0 or later do not require separate management licenses. You can purchase either a physical or virtual FMC appliance. Managed devices still require classic or Smart subscription feature licenses. FMC Virtual Smart SKUs can manage any device running Threat Defense (FMC) software.
Q. Which AMP feature is recommended? Block Files or Block Malware?
A. Block Files rules allow you to block specific file types, regardless of whether the file's disposition is malicious or not. Block Malware rules allow you to calculate the SHA-256 hash value of specific file types, query the AMP cloud to determine if files traversing your network contain malware, then block files that represent threats.
Q. How do I add a single IP to the blacklist in Security Intelligence?
A. There are two ways to blacklist an IP/Domain/URL:
1. Right click on the IP/URL that you want to blacklist in the connection event table.
2. Put all the IP/DNS/URL entries you want to blacklist in the corresponding text files, then upload these text files under Objects > Object Management > Security Intelligence > Network Lists/DNS Lists/URL Lists.
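A pre-upload check for the Network List text file from option 2, as an added example that is not Cisco's code. It assumes the file holds one IP address or CIDR block per line with `#` comment lines; the function names and the `MIN_PREFIX` limit are hypothetical, and the sample input is constructed.

```python
import ipaddress

# Constructed sample: entries an analyst might collect from tickets or events.
SAMPLE = """\
# blocked after IR ticket (constructed data)
203.0.113.7
203.0.113.0/24
198.51.100.23/32
198.51.100.23
2001:db8::1
10.0.0.300
0.0.0.0/0
evil.example
"""

# Assumption: anything broader than this is a typo, not an intended block.
MIN_PREFIX = {4: 8, 6: 32}


def build_network_list(text):
    """Return (entries, rejected); rejected holds (line_no, raw, reason)."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no entry
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            # Domains and URLs belong in the DNS/URL list files, not here.
            rejected.append((lineno, raw, "not an IP address or CIDR block"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((lineno, raw, "prefix too broad"))
            continue
        nets.append(net)
    entries = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        # collapse_addresses drops duplicates and hosts already covered by a block
        for n in ipaddress.collapse_addresses(same):
            entries.append(str(n.network_address) if n.num_addresses == 1 else str(n))
    return entries, rejected


def render(entries):
    """Text for the upload file: one entry per line."""
    return "\n".join(entries) + "\n"
```

Review the rejected lines by hand before uploading; a single over-broad entry would block far more traffic than the one address intended.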
Q. How does Firepower detect the vulnerabilities of each host?
A. The main method is passive: Firepower inspects the data packets flowing through the firewall, extracts host-related information, roughly determines the operating system and the versions of some applications, and then compares that information with the known vulnerability database (different operating systems and application versions have different known vulnerabilities).
Want to learn more and get real-time Cisco expert advice? Register for the upcoming Ask the Experts (ATXs) sessions.
Simply click on the preferred session time to reserve your spot today! Through live Q&A and solution demos, Ask the Experts (ATXs) real-time sessions help you tackle deployment hurdles and learn advanced tips to maximize your use of Cisco technology.
Level (Lifecycle Pit Stop)
Use Case Overview and Planning: Internet Edge Protection (new)