Table of Contents
Advertisement
Deploying Firepower Managed Devices
After you register a device to a Firepower Management Center, you deploy the sensing interfaces of the
device on a network segment to monitor traffic using an intrusion detection system or protect your
network from threats using an intrusion prevention system.
Sensing Deployment Considerations
Your sensing deployment decisions will be based on a variety of factors. Answering these questions can
help you understand the vulnerable areas of your network and clarify your intrusion detection and
prevention needs:
•
•
•
•
•
Understanding Sensing Interfaces
The sections that follow describe how different sensing interfaces affect the capabilities of the Firepower
System. In addition to passive and inline interfaces, you can also have routed, switched, and hybrid
interfaces.
Will you be deploying your managed device with passive or inline interfaces? Does your device
support a mix of interfaces, some passive and others inline? See
page 6-1
for more information.
How will you connect the managed devices to the network? Hubs? Taps? Spanning ports on
switches? Virtual switches? See
information.
Do you want to detect every attack on your network, or do you only want to know about attacks that
penetrate your firewall? Do you have specific assets on your network such as financial, accounting,
or personnel records, production code, or other sensitive, protected information that require special
security policies? See
Deployment Options, page 6-7
Will you use multiple sensing interfaces on your managed device to recombine the separate
connections from a network tap, or to capture and evaluate traffic from different networks? Do you
want to use the multiple sensing interfaces to perform as a virtual router or a virtual switch? See
Using Multiple Sensing Interfaces on a Managed Device, page 6-16
Do you provide VPN or modem access for remote workers? Do you have remote offices that also
require an intrusion protection deployment? Do you employ contractors or other temporary
employees? Are they restricted to specific network segments? Do you integrate your network with
the networks of other organizations such as customers, suppliers, or business partners? See
Network Deployments, page 6-18
C H A P T E R
Connecting Devices to Your Network, page 6-4
for more information.
for more information.
Firepower 7000 Series Hardware Installation Guide
6
Understanding Sensing Interfaces,
for more
for more information.
Complex
6-1
Advertisement
Table of Contents
