cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
55011
Views
80
Helpful
66
Comments
Juan Ponce Dominguez
Cisco Employee
Cisco Employee

banner.jpg

 

At the core of the new Firewall Threat Defense (FTD) software version 7.x, Snort 3 provides faster and superior threat protection and performance, includes better SecureX integration so SecOPS teams can quickly pivot and correlate events from multiple products. This new version also brings multiple functionalities to secure the remote worker and cloud deployments.

 

Capability New Features Post 7.x Pre 7.x
How does 7.x compare to previous versions?

Simplified Automation and Dynamic Policy Management

Dynamic Objects

Dynamic Attributes Connector

These features enable robust policies in environments where fixed IP addresses don't exist. The Dynamic Objects can be updated without having to edit or redeploy the Access Control Policy multiple times. Think about AWS, VMware NSX, Azure or any other dynamic environments!

Previously, re-deployment of each change made on objects in the Access Control Policy was time-consuming and inefficient. Now you can utilize API or the Cisco Dynamic Attribute Connector to update constantly-changing objects in near real-time.

Secure Remote Worker

Dynamic Access Policy (DAP)

Hostscan

Custom Attributes: Per App VPN, Dynamic Split Tunneling, Deferred Update

Multi-Cert Authentication

SAML attributes support in DAP

SAML + VPN Load Balancing

Local Authentication for RAVPN

The features bring significant improvements around Remote Access VPN (RAVPN), eliminating the obstacles to increase NGFW adoption, and leading to a smoother migration from ASA to NGFW.

In previous releases, some key RAVPN functionalities like Dynamic Access Policy (DAP) or Load Balancing were missing. Also, there were concerns around the security posture of VPN enviroments that lacked NGFW capabilities. Now with Secure Firewall 7.x you can consolidate robust RAVPN capabilities with NGFW functionalities in a single box solution.

Superior Threat Visibility, Analytics and Logging

Snort 3

Unified Real Time Event Viewer

SecureX Ribbon Integration

Snort3 provides a fully re-architected IPS engine for the Cisco Secure Firewall Portfolio.

The new Unified Real Time Event Viewer, powered by advanced content filtering, provides a simple view of all security events. It streams data from sensors and correlates events, leading to faster investigations.

SecureX Ribbon enables SecOps teams to pivot from any event seen in the Firewall to the SecureX platform, correlating data across the entire SecureX integrated ecosystem. 

An evolution of the already robust intrusion detection engine Snort2, Snort3 provides up to 60% higher throughput,  increased efficacy, and simplified policy management.

In previous releases, searching and correlating events required to move between different tabs and was often cumbersome. Now with Unified Events, the entire flow of communication and all events triggered from it can be seen in one single view. Moreover, the Go Live option introduced in version 7.x allows to analyze events in real-time.

Adding SecureX Ribbon on top of the mentioned features makes the Cisco Secure Firewall fully integrated with the wider Cisco Security Portfolio.

Accelerating Cloud Adoption

Secure Firewall Cloud Native in AWS

ASAv and FTDv new platforms

The new Secure Firewall Cloud Native uses Kubernetes for orchestration to protect cloud workloads, with auto-scaling, auto-healing andreal-time responsiveness to demand -especially useful in VPN deployments.

The new release introduces OpenStack support for our virtual products (ASAv/FTDv/FMCv), launching a tiered licensing model, and a brand new FTDv instance with increased throughput up to 15.5 Gbps.

Previously, the only way to scale up and use cloud-native capabilities was to develop custom automation workflows, making it harder to deploy, orchestrate and manage the virtual firewalls. Now, the Secure Firewall Cloud Native uses Kubernetes to provide scalability and resilience, allowing customers to focus on achieving their business goals.

The changes made to the virtual portfolio have unlocked a flexible licensing model, allowing customers to acquire licenses depending on throughput requirements on a wide range of platforms. 

 

Learn more about Cisco Secure Firewall

 

Are you ready to upgrade?

 

We recommend customers running Cisco Secure Firewall Threat Defense (FTD) software version 6.7 or below upgrade to version 7.0.1 or higher.

Upgrading takes time and a lot of preparation. We know that not all environments are immediately ready to upgrade.

The Cisco Secure LevelUp program will look at your environment and determine what risks may come with an upgrade. You will walk away with a customized pre-upgrade checklist, an assessment of your current environment, and step-by-step upgrade instructions.

 

Next step: Learn how the LevelUp program can help you

 

Not ready to upgrade yet? Comment on this post and let us know why and how we can help.

If you want to stay up to date with our Software Compliance and key feature articles make sure to subscribe to the label 'Software Upgrades'

You can ask Cisco Expert: JJ Ponce Dominguez any Cisco Secure Firewall Software upgrade questions you may have.

Comments
Marvin Rhoads
Hall of Fame
Hall of Fame

@Juan Ponce Dominguez Migrating to Snort 3 appears to removed the ability to directly generate and use "Firepower Recommendations" for IPS policies. Instead we must first do it for Snort 2 and then manually sync Snort 2 and Snort 3 policies.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/tailoring-intrusion-protection.html

With the older version we could simply schedule a task to do this automatically.

Can you comment on this?

Juan Ponce Dominguez
Cisco Employee
Cisco Employee

Hello @Marvin Rhoads ,

Version 7.1.0 FMCs now support intrusion rule recommendations for FTD devices with Snort 3, including Version 7.0.0/7.0.x devices.

To configure this feature, edit the Snort 3 version of an intrusion policy and click the Recommendations button (in the left pane, next to All Rules)

More here: https://www.cisco.com/c/en/us/td/docs/security/firepower/710/snort3/config-guide/snort3-configuration-guide-v71/tailoring-intrusion-protection.html#ID-2213-000000e4_snort3

JJ

Marvin Rhoads
Hall of Fame
Hall of Fame

Thanks @Juan Ponce Dominguez for that update on 7.1.

Do you know if the feature will be back-ported into 7.0.x since 7.0 is the designated Extra Long Term Release and 7.1 is only a Short Term Release?

https://www.cisco.com/c/en/us/products/collateral/security/firewalls/bulletin-c25-743178.html

Juan Ponce Dominguez
Cisco Employee
Cisco Employee

Hello @Marvin Rhoads , there are no plans to add this functionality to 7.0 releases, just 7.1 onwards.

JJ

Thank you for sharing, really good insight and information about Secure Firewall!

WO
Level 1
Level 1

Nice solution. It could help us in our daily work. Thank you

 

michalsabat
Level 1
Level 1

Great solution. Keep gointg this nice things.

ViralPatel7456
Level 1
Level 1

Thanks for sharing, Its very useful for me for future life

venianakis
Level 1
Level 1

Glad to finally see Kubernetes and OpenStack in real action on the Cloud Native flavor.

One more step closer to the global cloud world.

Good job team!

Thanks for sharing. very useful.

jshupick
Level 7
Level 7

Anything that can make the gauntlet of firewalls easier for the security people has two thumbs up in my book!

rikaragoza
Level 1
Level 1

In depth but easily digestible overview, really good job in this one!

David Cardenas
Level 1
Level 1

Great info, the Cisco updates for security tools are amazing and so helpful. We can create a better network enviroment with them in a simple way.

Gallifrean
Level 7
Level 7

good to see snort 3 improvements such as multithreading and preprocessor

AnwarNugraha
Level 1
Level 1

Thank you for this sharing session, It makes me more secure

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: