Cisco Firepower 2100 Getting Started Manual page 30

Configure the Device in CDO
• Security Intelligence—Use the Security Intelligence policy to quickly drop connections from or to
blacklisted IP addresses or URLs. Because known bad sites are blocked by the blacklist, you do not need to account for them
in your access control policy. Cisco provides regularly updated feeds of known bad addresses and URLs,
so the Security Intelligence blacklist updates dynamically. With feeds, you do not need to edit the
policy to add or remove items in the blacklist.
• Access Control—Use the access control policy to determine which connections are allowed on the
network. You can filter by security zone, IP address, protocol, port, application, URL, user or user group.
You also apply intrusion and file (malware) policies using access control rules. Use this policy to
implement URL filtering.
The following example shows how to allow traffic between the inside-zone and dmz-zone in the access control
policy. In this example, no options are set on any of the other tabs except for Logging, where At End of
Connection is selected.
Figure 10: Access Control Policy
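The following Python model is an added illustration and is not Cisco code; it does not call any CDO or FTD API. It models how the two policies described above divide the work: the Security Intelligence blacklist, built from a feed, is consulted before the access control rules, so a connection to a feed address is dropped even when a zone rule would allow it, and reloading the feed changes what is blocked without touching a single rule. The feed entries, zone names (inside-zone, dmz-zone), addresses and the default action are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, List, Set, Tuple

# Constructed feed text (not a real Cisco Security Intelligence feed): one entry per
# line, mixing single addresses, CIDR blocks and URLs, with '#' comment lines.
SI_FEED = """
# constructed sample feed
203.0.113.7
198.51.100.0/24
http://bad.example/malware.exe
"""


@dataclass
class Connection:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    dst_port: int
    url: Optional[str] = None


@dataclass
class AccessRule:
    name: str
    action: str                               # "allow" or "block"
    src_zones: Set[str] = field(default_factory=set)
    dst_zones: Set[str] = field(default_factory=set)
    dst_ports: Set[int] = field(default_factory=set)
    log_end: bool = False                     # the "At End of Connection" logging option

    def matches(self, c: Connection) -> bool:
        # An empty criterion means "any", as it does in the rule editor.
        return ((not self.src_zones or c.src_zone in self.src_zones)
                and (not self.dst_zones or c.dst_zone in self.dst_zones)
                and (not self.dst_ports or c.dst_port in self.dst_ports))


class SecurityIntelligence:
    """Blacklist built from a feed. Reloading the feed replaces the blacklist
    without editing any access control rule, which is the point of using feeds."""

    def __init__(self, feed_text: str):
        self.networks = []
        self.urls: Set[str] = set()
        self.load(feed_text)

    def load(self, feed_text: str) -> None:
        networks, urls = [], set()
        for line in feed_text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if "://" in line:
                urls.add(line)
            else:
                # strict=False accepts a CIDR entry with host bits set (e.g. 10.0.0.1/24)
                networks.append(ipaddress.ip_network(line, strict=False))
        self.networks, self.urls = networks, urls

    def is_blacklisted(self, c: Connection) -> bool:
        if c.url is not None and c.url in self.urls:
            return True
        for ip in (ipaddress.ip_address(c.src_ip), ipaddress.ip_address(c.dst_ip)):
            if any(ip in net for net in self.networks):
                return True
        return False


def evaluate(si: SecurityIntelligence, rules: List[AccessRule],
             default_action: str, c: Connection) -> Tuple[str, str]:
    """Return (verdict, reason). The blacklist is consulted before the rules, so a
    connection to a blacklisted address is dropped even if a rule would allow it,
    and the rules never need to mention feed addresses."""
    if si.is_blacklisted(c):
        return "block", "security-intelligence"
    for rule in rules:
        if rule.matches(c):
            reason = rule.name + (" (log at end of connection)" if rule.log_end else "")
            return rule.action, reason
    return default_action, "default action"


# The rule from the text: allow inside-zone -> dmz-zone, logging at end of connection;
# everything else falls through to the policy's default action (block, assumed here).
RULES = [AccessRule("inside-to-dmz", "allow", {"inside-zone"}, {"dmz-zone"}, log_end=True)]


if __name__ == "__main__":
    si = SecurityIntelligence(SI_FEED)
    for c in (Connection("inside-zone", "dmz-zone", "10.1.1.5", "192.0.2.10", 443),
              Connection("inside-zone", "dmz-zone", "10.1.1.5", "198.51.100.9", 443),
              Connection("dmz-zone", "inside-zone", "192.0.2.10", "10.1.1.5", 22)):
        print(c.src_zone, "->", c.dst_zone, c.dst_ip, evaluate(si, RULES, "block", c))
```

The second connection in the demo is allowed by the zone rule but still dropped because its destination falls inside a feed CIDR block; calling `load` with a new feed text is the model's equivalent of a scheduled feed update, after which the same connection is allowed again.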
Step 9
Locate the Security Database Updates section to create a scheduled task to check and update the security
databases for an FTD device.
When you onboard an FTD device to CDO, the onboarding process includes the option Enable scheduled
recurring updates for databases, which is checked by default. When enabled, CDO immediately checks
for and applies any available security database updates and schedules the device to check for further
updates on a recurring basis. You can modify the date and time of the scheduled task after the device is onboarded.
If you are using intrusion policies, set up regular updates for the intrusion Rules and the VDB (vulnerability database). If you use Security
Intelligence feeds, set an update schedule for them. If you use geolocation as matching criteria in any security policy,
set an update schedule for the geolocation database.
Step 10
Click the Preview and Deploy button in the menu, then click the Deploy Now button, to deploy your changes
to the device.
Changes are not active on the device until you deploy them.
What to do next
• You should register and license your device after you onboard; see Configure Licensing, on page 29.
Cisco Firepower 2100 Getting Started Guide
28
Firepower Threat Defense Deployment with CDO