Cisco Firepower 2100 Getting Started Manual page 29

Hide thumbs Also See for Firepower 2100:

Getting started manual (104 pages)

Getting started manual (222 pages)

Getting started manual (178 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

page of 150

/ 150
Contents
Table of Contents
Bookmarks

Table of Contents

Firepower Threat Defense Deployment with CDO

Note

The following example shows a default route for IPv4. In this example, isp-gateway is a network object that

identifies the IP address of the ISP gateway (you must obtain the address from your ISP). You can create this

object by clicking Create New Object at the bottom of the Gateway drop-down list.

Figure 9: Default Route

Step 8

Choose Management > Policy and configure the security policies for the network.

The initial setup enables traffic flow between the inside-zone and outside-zone, and interface NAT for all

interfaces when going to the outside interface. Even if you configure new interfaces, if you add them to the

inside-zone object, the access control rule automatically applies to them.

However, if you have multiple inside interfaces, you need an access control rule to allow traffic flow from

inside-zone to inside-zone. If you add other security zones, you need rules to allow traffic to and from those

zones. These would be your minimum changes.

In addition, you can configure other policies to provide additional services, and fine-tune NAT and access

rules to get the results that your organization requires. You can configure the following policies:

• SSL Decryption—If you want to inspect encrypted connections (such as HTTPS) for intrusions, malware,

and so forth, you must decrypt the connections. Use the SSL decryption policy to determine which

connections need to be decrypted. The system re-encrypts the connection after inspecting it.

• Identity—If you want to correlate network activity to individual users, or control network access based

on user or user group membership, use the identity policy to determine the user associated with a given

source IP address.

The routes you define on this page are for the data interfaces only. They do not impact the

management interface. Set the management gateway on Management > Settings > Management

Access.

Configure the Device in CDO

Cisco Firepower 2100 Getting Started Guide

Table of Contents

Show Quick Links

Hide quick links:

Chapters

Table of Contents

Cisco Firepower 2100 Getting Started Manual page 29

Hide quick links:

Chapters

Related Manuals for Cisco Firepower 2100

Related Products for Cisco Firepower 2100

Table of Contents