Security, Internet Access, And Communication Ports; Internet Access Requirements - Cisco 7010 Installation Manual

Firepower 7000 Series; Firepower 8000 Series

Chapter 1
Introduction to the Firepower System

Security, Internet Access, and Communication Ports

To safeguard the Firepower Management Center, you should install it on a protected internal network.
Although the Firepower Management Center is configured to have only the necessary services and ports
available, you must make sure that attacks cannot reach it (or any managed devices) from outside the
firewall.

If the Firepower Management Center and its managed devices reside on the same network, you can
connect the management interfaces on the devices to the same protected internal network as the
Firepower Management Center. This allows you to securely control the devices from the Firepower
Management Center. You can also configure multiple management interfaces to allow the Firepower
Management Center to manage and isolate traffic from devices on other networks.

Regardless of how you deploy your appliances, intra-appliance communication is encrypted. However,
you must still take steps to ensure that communications between appliances cannot be interrupted,
blocked, or tampered with; for example, with a distributed denial of service (DDoS) or
man-in-the-middle attack.

Also note that specific features of the Firepower System require an Internet connection. By default, all
appliances are configured to directly connect to the Internet. Additionally, the system requires that certain
ports remain open for basic intra-appliance communication, for secure appliance access, and so that
specific system features can access the local or Internet resources they need to operate correctly.

Tip: With the exception of Cisco ASA with FirePOWER Services, Firepower System appliances support the
use of a proxy server. For more information, see the Firepower Management Center Configuration
Guide.

For more information, see:
- Internet Access Requirements, page 1-13
- Communication Ports Requirements, page 1-14

Internet Access Requirements

Firepower System appliances are configured to directly connect to the Internet on ports 443/tcp (HTTPS)
and 80/tcp (HTTP), which are open by default; see Communication Ports Requirements, page 1-14. Note
that most Firepower System appliances support use of a proxy server; see the Configuring Network
Settings chapter in the Firepower Management Center Configuration Guide. Note also that a proxy
server cannot be used for whois access.

The following table describes the Internet access requirements of specific features of the Firepower
System.

Table 1-6 Firepower System Feature Internet Access Requirements

| Feature | Internet access is required to... | Appliances |
|---|---|---|
| dynamic analysis: querying | query the Collective Security Intelligence Cloud for threat scores of files previously submitted for dynamic analysis. | Management Center |
| dynamic analysis: submitting | submit files to the Collective Security Intelligence Cloud for dynamic analysis. | Managed devices |

Firepower 7000 and 8000 Series Installation Guide
