Here are some commonly asked questions and answers to help with your adoption of Cisco Secure Firewall. Subscribe (how-to) to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
Q. What’s the important updates on Firepower 7.0?
Snort 3 Inspection engine is released, it is more efficient and provides better performance and scalability than Snort 2. Please reference the release note to get more information about Snort3 and other new features:
Cisco Firepower Release Notes, Version 7.0.0/7.0.x.
Q. Do I have to purchase a URL license to use the URL list in Security Intelligence?
No, Security Intelligence feature is covered in Threat License.
Q. Is there an intention to further integrate Umbrella in roadmap as that would make App and URL filtering central to Umbrella rather device per device mases on FTD deployments?
A: The best integration between Umbrella and Firepower can be achieved with SecureX. From that web console, it's possible to have events and visibility from both solutions.
Q. Does the Firepower Management Center require a license?
A. Firewall Management Center physical or virtual appliances running version 6.0 or later do not require separate management licenses. You can purchase either a physical or virtual FMC appliance. Managed devices still require classic or Smart subscription feature licenses. FMC Virtual Smart SKUs can manage any device running Threat Defense (FMC) software.
Q. Which AMP feature is recommended? Block file or block malware?
A. Block Files rules allow you to block specific file types, regardless disposition of the file is malicious or not. Block Malware rules allow you to calculate the SHA-256 hash value of specific file types, query the AMP cloud to determine if files traversing your network contain malware, then block files that represent threats.
Q. How to add a single IP to blacklist in Security Intelligence?
A. There are two ways to blacklist IP/Domain/URL
1. Right click on the IP/URL that you want to blacklist from connection event table.
2. Include all the IP/DNS/URL you want to blacklist in text files accordingly, have these text files uploaded to Objects > Object Management > Security Intelligence > Network Lists/DNS Lists/URL Lists
Q. How does Firepower detect the vulnerabilities of each host?
A. The main method is to passively check the data packets flowing through the firewall, extract the host-related information, roughly determine the operating system, and the version of some applications, and then compare the obtained information with the known vulnerability database (on different operating systems, The application version will have different known vulnerabilities).
Q. Can I integrate with AD without ISE in FMC version 7.x?
A.It depends on the usage of your external ID store. For FMC user login, you can use AD directly. For User access control, ISE integration is a must, ISE provides you IP-User mapping, and AD only provides user information.
Looking for more resources? Access the latest guides, recordings and more via Cisco Network Security ATXs Resources.
Want to learn more and get real-time Cisco expert advice? Through live Q&A and solution demos, Ask the Experts (ATXs) real-time sessions help you tackle deployment hurdles and learn advanced tips to maximize your use of Cisco technology. View and register for the upcoming Ask the Experts (ATXs) sessions today. [Pro tip: Subscribe to the event listing for new session updates.]
