Cisco AMP Threat Grid Appliance Setup and Configuration Guide
PLANNING
Clean Interface
Connect to the Clean network. Clean must be accessible from the corporate network but requires no outbound access to the Internet, except in Recovery Mode.
• UI and API traffic (inbound)
• Sample Submissions
• SMTP (outbound connection to the configured mail server)
• Recovery Mode Support Session (outbound)
• SSH (in for tgsh-dialog)
• Syslog (outbound to configured syslog server)
• ESA/WSA – CSA Integrations
• FireAMP Private Cloud Integration
• DNS – Optional.
• LDAP (outbound)
Dirty Interface
Connect to the Dirty network. Requires Internet access. Outbound Only!
• DNS
  Note: If you are setting up an integration with a FireAMP Private Cloud, and the FireAMP appliance hostname cannot be resolved over the Dirty interface, then a separate DNS server that uses the Clean interface can be configured in OpAdmin.
• NTP
• Updates
• Support Session in Normal Operations Mode
• Support Snapshots
• Malware Sample-initiated Traffic
CIMC Interface
Recommended. If the Cisco Integrated Management Controller ("CIMC") interface is configured, it can be
used for server management and maintenance. For more information see APPENDIX A – CIMC
CONFIGURATION (RECOMMENDED).
Reserved Interface
The non-Admin SFP+ port is reserved for future use.