Cisco Firepower 2100 Getting Started Manual page 155

Hide thumbs Also See for Firepower 2100:

Getting started manual (104 pages)

Getting started manual (150 pages)

Getting started manual (178 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

page of 222

/ 222
Contents
Table of Contents
Bookmarks

Table of Contents

Firepower Threat Defense Deployment with CDO

The default route normally points to the upstream or ISP router that resides off the outside interface. A default

IPv4 route is for any-ipv4 (0.0.0.0/0), whereas a default IPv6 route is for any-ipv6 (::0/0). Create routes for

each IP version you use. If you use DHCP to obtain an address for the outside interface, you might already

have the default routes that you need.

Note

The following example shows a default route for IPv4. In this example, isp-gateway is a network object that

identifies the IP address of the ISP gateway (you must obtain the address from your ISP). You can create this

object by clicking Create New Object at the bottom of the Gateway drop-down list.

Figure 47: Default Route

Step 8

Choose Management > Policy and configure the security policies for the network.

The initial setup enables traffic flow between the inside-zone and outside-zone, and interface NAT for all

interfaces when going to the outside interface. Even if you configure new interfaces, if you add them to the

inside-zone object, the access control rule automatically applies to them.

However, if you have multiple inside interfaces, you need an access control rule to allow traffic flow from

inside-zone to inside-zone. If you add other security zones, you need rules to allow traffic to and from those

zones. These would be your minimum changes.

In addition, you can configure other policies to provide additional services, and fine-tune NAT and access

rules to get the results that your organization requires. You can configure the following policies:

• SSL Decryption—If you want to inspect encrypted connections (such as HTTPS) for intrusions, malware,

and so forth, you must decrypt the connections. Use the SSL decryption policy to determine which

connections need to be decrypted. The system re-encrypts the connection after inspecting it.

The routes you define on this page are for the data interfaces only. They do not impact the

management interface. Set the management gateway on Management > Settings > Management

Access.

Configure the Device in CDO

Cisco Firepower 2100 Getting Started Guide

153

Table of Contents

Chapters

Table of Contents

Cisco Firepower 2100 Getting Started Manual page 155

Chapters

Related Manuals for Cisco Firepower 2100

Related Products for Cisco Firepower 2100

Table of Contents