cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
58593
Views
80
Helpful
66
Comments
Juan Ponce Dominguez
Cisco Employee
Cisco Employee

banner.jpg

 

At the core of the new Firewall Threat Defense (FTD) software version 7.x, Snort 3 provides faster and superior threat protection and performance, includes better SecureX integration so SecOPS teams can quickly pivot and correlate events from multiple products. This new version also brings multiple functionalities to secure the remote worker and cloud deployments.

 

Capability New Features Post 7.x Pre 7.x
How does 7.x compare to previous versions?

Simplified Automation and Dynamic Policy Management

Dynamic Objects

Dynamic Attributes Connector

These features enable robust policies in environments where fixed IP addresses don't exist. The Dynamic Objects can be updated without having to edit or redeploy the Access Control Policy multiple times. Think about AWS, VMware NSX, Azure or any other dynamic environments!

Previously, re-deployment of each change made on objects in the Access Control Policy was time-consuming and inefficient. Now you can utilize API or the Cisco Dynamic Attribute Connector to update constantly-changing objects in near real-time.

Secure Remote Worker

Dynamic Access Policy (DAP)

Hostscan

Custom Attributes: Per App VPN, Dynamic Split Tunneling, Deferred Update

Multi-Cert Authentication

SAML attributes support in DAP

SAML + VPN Load Balancing

Local Authentication for RAVPN

The features bring significant improvements around Remote Access VPN (RAVPN), eliminating the obstacles to increase NGFW adoption, and leading to a smoother migration from ASA to NGFW.

In previous releases, some key RAVPN functionalities like Dynamic Access Policy (DAP) or Load Balancing were missing. Also, there were concerns around the security posture of VPN enviroments that lacked NGFW capabilities. Now with Secure Firewall 7.x you can consolidate robust RAVPN capabilities with NGFW functionalities in a single box solution.

Superior Threat Visibility, Analytics and Logging

Snort 3

Unified Real Time Event Viewer

SecureX Ribbon Integration

Snort3 provides a fully re-architected IPS engine for the Cisco Secure Firewall Portfolio.

The new Unified Real Time Event Viewer, powered by advanced content filtering, provides a simple view of all security events. It streams data from sensors and correlates events, leading to faster investigations.

SecureX Ribbon enables SecOps teams to pivot from any event seen in the Firewall to the SecureX platform, correlating data across the entire SecureX integrated ecosystem. 

An evolution of the already robust intrusion detection engine Snort2, Snort3 provides up to 60% higher throughput,  increased efficacy, and simplified policy management.

In previous releases, searching and correlating events required to move between different tabs and was often cumbersome. Now with Unified Events, the entire flow of communication and all events triggered from it can be seen in one single view. Moreover, the Go Live option introduced in version 7.x allows to analyze events in real-time.

Adding SecureX Ribbon on top of the mentioned features makes the Cisco Secure Firewall fully integrated with the wider Cisco Security Portfolio.

Accelerating Cloud Adoption

Secure Firewall Cloud Native in AWS

ASAv and FTDv new platforms

The new Secure Firewall Cloud Native uses Kubernetes for orchestration to protect cloud workloads, with auto-scaling, auto-healing andreal-time responsiveness to demand -especially useful in VPN deployments.

The new release introduces OpenStack support for our virtual products (ASAv/FTDv/FMCv), launching a tiered licensing model, and a brand new FTDv instance with increased throughput up to 15.5 Gbps.

Previously, the only way to scale up and use cloud-native capabilities was to develop custom automation workflows, making it harder to deploy, orchestrate and manage the virtual firewalls. Now, the Secure Firewall Cloud Native uses Kubernetes to provide scalability and resilience, allowing customers to focus on achieving their business goals.

The changes made to the virtual portfolio have unlocked a flexible licensing model, allowing customers to acquire licenses depending on throughput requirements on a wide range of platforms. 

 

Learn more about Cisco Secure Firewall

 

Are you ready to upgrade?

 

We recommend customers running Cisco Secure Firewall Threat Defense (FTD) software version 6.7 or below upgrade to version 7.0.1 or higher.

Upgrading takes time and a lot of preparation. We know that not all environments are immediately ready to upgrade.

The Cisco Secure LevelUp program will look at your environment and determine what risks may come with an upgrade. You will walk away with a customized pre-upgrade checklist, an assessment of your current environment, and step-by-step upgrade instructions.

 

Next step: Learn how the LevelUp program can help you

 

Not ready to upgrade yet? Comment on this post and let us know why and how we can help.

If you want to stay up to date with our Software Compliance and key feature articles make sure to subscribe to the label 'Software Upgrades'

You can ask Cisco Expert: JJ Ponce Dominguez any Cisco Secure Firewall Software upgrade questions you may have.

Comments
Anil Patil
Level 8
Level 8

Thank you for sharing this information.

bezeddin
Level 1
Level 1

Thanks for sharing the update, vey nice to see latest security features blended in one solution

GhostMorgan
Level 1
Level 1

It's cool to see Kubernetes in action! I hope it will bring good results in the future! Great job!

juan.rosales
Level 1
Level 1

Muy buena solución, gracias por compartir esta información

jmarcel2
Level 1
Level 1

Thank you for version 7, it solves lot of issues, mostly with performance and dashboard responses. Also upgrade of sensors was pretty straight forward. Big plus is also seamless SecureX integration

 

@Juan Ponce Dominguez I have two questions:

 

1) I have upgraded our FMC and sensors to version 7.0.1-84. Would you recommend to upgrade further to 7.1x?

2) In intrusion policy I now see Snort2 and Snort3 rules, which rule set is applied? Can I inclusively use only Snort 3 rules? (better performance, etc..) or we need to have both of them?

thanks in advance

 

ramadani
Level 1
Level 1

Thanks for sharing. it's a good knowledge information for me as a newbie

Juan Ponce Dominguez
Cisco Employee
Cisco Employee

Thanks for the question @jmarcel2 . The golden Cisco recommended release is still on 7.0.1. Some customers require per policy to run the recommended version; others would however consider running a newer version like 7.1.x to have some added functionalities missing on 7.0.1. Among the most appealing ones for me are:

 

  • IPS rule recommendations with Snort 3
  • VPN Filters
  • Elephant flow identification

Consider upgrading to 7.1.x version if any of the new features are of interest to you and you have the freedom to chose which OS your firewalls will run. For a complete list of features please check: https://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/fmc-new-features/fmc-new-features-by-release.html#Cisco_Concept.dita_8ddf0fb2-3829-4d0e-9317-395d27fa8db1 

Bear in mind that both trains have heavy active support, so they will continue releasing security updates and patches.

 

You can have one Snort version active per device. Since I believe you upgraded from prior version 7, your system by default leaves snort 2 as active. You need to manually activate Snort 3 after the upgrade; here are the steps:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/migrating.html#concept_D87B73A83ACA42CCA656F0041F9D860B-enabledisable 

 

JJ

 

WO
Level 1
Level 1

Great information for all of us. Thank You

bbubbers
Level 1
Level 1

Very helpful article. Keep it going!

michael.nabil10
Level 1
Level 1

For sure the FTD is very efficient Firewall and the best IPS, also we are working now with version 6.6.5 and planning to upgrade to version 7

Alf_S_L
Level 1
Level 1

The Cloud improvements should be particularly useful.

John Pell
Spotlight
Spotlight

Thanks for this, a quick question on the Accelerating Cloud section.  You mention AWS capabilities, what about Azure, GCP etc?  Is there anything happening there?

Juan Ponce Dominguez
Cisco Employee
Cisco Employee

Hello @John Pell , FTDv is supported already in some public clouds like Azure, GCP, Nutanix, Oracle, AWS.

Support for more advanced use cases like clustering, load balancing, and autoscaling for clouds other than AWS is currently being developed and expected to come in the next releases.

Thanks for the question. - JJ

niroulabhaa
Level 1
Level 1

Really good stuffs. Any roadmap for Azure adoption yet?

lauvtoronto
Level 1
Level 1

Good information to cover key solution sets such as remote work, threats, and cloud.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: