Access The Threat Defense And Fxos Cli - Cisco Firepower 1010 Getting Started Manual

Hide thumbs Also See for Firepower 1010:

Getting started manual (182 pages)

Hardware installation manual (50 pages)

Getting started (42 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

Table of Contents

Threat Defense Deployment with the Device Manager

• Intrusion—Use the intrusion policies to inspect for known threats. Although you apply intrusion policies

The following example shows how to allow traffic between the inside-zone and dmz-zone in the access control

policy. In this example, no options are set on any of the other tabs except for Logging, where At End of

Connection is selected.

Figure 34: Access Control Policy

Step 6

Choose Device, then click View Configuration in the Updates group and configure the update schedules for

the system databases.

If you are using intrusion policies, set up regular updates for the Rules and VDB databases. If you use Security

Intelligence feeds, set an update schedule for them. If you use geolocation in any security policies as matching

criteria, set an update schedule for that database.

Step 7

Click the Deploy button in the menu, then click the Deploy Now button (

the device.

Changes are not active on the device until you deploy them.

Access the Threat Defense and FXOS CLI

Use the command-line interface (CLI) to set up the system and do basic system troubleshooting. You cannot

configure policies through a CLI session. You can access the CLI by connecting to the console port.

You can also access the FXOS CLI for troubleshooting purposes.

Note

using access control rules, you can edit the intrusion policies to selectively enable or disable specific

intrusion rules.

You can alternatively SSH to the Management interface of the threat defense device. Unlike a console session,

the SSH session defaults to the threat defense CLI, from which you can connect to the FXOS CLI using the

connect fxos command. You can later connect to the address on a data interface if you open the interface for

SSH connections. SSH access to data interfaces is disabled by default. This procedure describes console port

access, which defaults to the FXOS CLI.

Access the Threat Defense and FXOS CLI

), to deploy your changes to

Cisco Firepower 1010 Getting Started Guide

111

Table of Contents

Chapters

Table of Contents

Access The Threat Defense And Fxos Cli - Cisco Firepower 1010 Getting Started Manual

Access the Threat Defense and FXOS CLI

Chapters

Related Manuals for Cisco Firepower 1010

Related Content for Cisco Firepower 1010

Table of Contents