Table of Contents
Advertisement
Cisco AMP Threat Grid Appliance Setup and Configuration Guide
PLANNING
Clean Interface
Connect to the Clean network. Clean must be accessible from the corporate network but requires
•
no outbound access to the Internet, except in Recovery Mode.
UI and API traffic (inbound)
•
Sample Submissions
•
SMTP (outbound connection to the configured mail server)
•
Recovery Mode Support Session (outbound)
•
SSH (in for tgsh-dialog)
•
Syslog (outbound to configured syslog server)
•
ESA/WSA – CSA Integrations
•
FireAMP Private Cloud Integration
•
DNS – Optional.
•
LDAP (outbound)
•
Dirty Interface
Connect to the Dirty network. Requires Internet access. Outbound Only!
•
DNS
•
Note:
If you are setting up an integration with a FireAMP Private Cloud, and the FireAMP appliance
hostname cannot be resolved over the Dirty interface, then a separate DNS server that uses the
Clean interface can be configured in OpAdmin.
NTP
•
Updates
•
Support Session in Normal Operations Mode
•
Support Snapshots
•
Malware Sample-initiated Traffic
•
CIMC Interface
Recommended. If the Cisco Integrated Management Controller ("CIMC") interface is configured, it can be
used for server management and maintenance. For more information see APPENDIX A – CIMC
CONFIGURATION (RECOMMENDED).
Reserved Interface
The non-Admin SFP+ port is reserved for future use.
9
Advertisement
Table of Contents
