CISCO Yakatanga NeFirepower Kuita Kwekutanga Setup
Zvinotsanangurwa
- Zita reChigadzirwa: Cisco Firepower
- Chigadzirwa Type: Network Security uye Traffic Management
- Deployment Sarudzo: Chinangwa-chakavakwa mapuratifomu kana software mhinduro
- Management Interface: Graphical User Interface
Mirayiridzo Yekushandiswa Kwechigadzirwa
Kuisa uye Kuita Chekutanga Setup pane Zvemuviri Zvishandiso:
Tevedza matanho aya kumisikidza Firepower Management Center pamidziyo yemuviri:
- Tarisa kuKutanga Gwaro kune yakadzama yekuisa mirairo.
Kuendesa Virtual Zvishandiso
Kana uchitumira virtual midziyo, tevera matanho aya:
- Sarudza anotsigirwa chaiwo mapuratifomu eManagement Center nemidziyo.
- Deploy virtual Firepower Management Centers paPublic and Private Cloud environments.
- Tumira chaiwo madhizaini emudziyo wako pane anotsigirwa makore nharaunda.
Kupinda Kwekutanga:
Mune matanho ekutanga ekupinda eFirepower Management Center:
- Pinda mukati neyakagadzika zvitupa (admin/Admin123).
- Chinja password uye isa nguva yenguva.
- Wedzera marezinesi uye nyoresa zvishandiso zvinotarisirwa.
Kumisikidza Basic Policies uye Configurations:
To view dhata mudhibhodhi, gadzirisa mitemo yakakosha:
- Gadzirisa mitemo yakakosha yekuchengetedzwa kwetiweki.
- Kuti uwane zvigadziriso zvepamberi, tarisa kune yakazara mushandisi gwara.
FAQ:
Mubvunzo: Ndinowana sei Firepower Management Center web inowanikwa?
A: Unogona kuwana iyo web interface nekuisa iyo IP kero yeManagement Center mune yako web browser.
Kutanga neFirepower
Cisco Firepower inosanganisirwa sutu yetiweki chengetedzo uye zvigadzirwa zvetraffic manejimendi, inoiswa kungave pamapuratifomu akavakwa-chinangwa kana sesoftware mhinduro. Iyo sisitimu yakagadzirirwa kukubatsira kubata network traffic nenzira inoenderana nesangano rako rekuchengetedza mutemo - nhungamiro yako yekudzivirira network yako.
Mune yakajairika kutumirwa, akawanda traffic-inonzwa anochengetedzwa zvishandiso akaiswa panetiweki zvikamu zvinotarisisa traffic kuti iongororwe uye taura kune maneja:
- Firepower Management Center
- Firepower Device Manager
Adaptive Security Device Manager (ASDM)
Mamaneja anopa yepakati manejimendi koni ine graphical mushandisi interface iyo iwe yaunogona kushandisa kuita manejimendi, manejimendi, kuongorora, uye kushuma mabasa.
Gwaro iri rinotarisa paFirepower Management Center inogadzirisa mudziyo. Kuti uwane ruzivo nezve Firepower Chishandiso Maneja kana ASA ine FirePOWER Services inotungamirwa kuburikidza neASDM, ona madhairekitori eiyo nzira dzekutarisira.
- Cisco Firepower Kutyisidzira Kudzivirirwa Kugadzirisa Gaidhi yeFirepower Chidimbu Maneja
- ASA ine FirePOWER Services Local Management Configuration Guide
- Kurumidza Kutanga: Basic Setup, papeji 2
- Firepower Devices, pane peji 5
- Firepower Features, papeji 6
- Kuchinja Domains paFirepower Management Center, papeji 10
- The Context Menu, papeji 11
- Kugovera Dhata neCisco, pane peji 13
- Firepower Online Rubatsiro, Maitiro, uye Zvinyorwa, pane peji 13
- Firepower System IP Kero Kokorodzano, pane peji 16
- Zvimwe Zvishandiso, papeji 16
Kurumidza Kutanga: Basic Setup
Iyo Firepower ficha seti ine simba uye inochinjika zvakakwana kutsigira zvakakosha uye zvepamberi zvigadziriso. Shandisa zvikamu zvinotevera kukurumidza kumisa Firepower Management Center nemidziyo yayo inotungamirwa kuti utange kudzora nekuongorora traffic.
Kuisa uye Kuita Chekutanga Setup pane Zvemuviri Zvishandiso
Maitiro
Isa uye ita yekutanga kuseta pamidziyo yese yekushandisa uchishandisa zvinyorwa zvemudziyo wako:
- Firepower Management Center
Cisco Firepower Management Center Kutanga Kutungamira kune yako hardware modhi, inowanikwa kubva http://www.cisco.com/go/firepower-mc-install - Firepower Threat Defense yakachengetedzwa zvishandiso
Zvakakosha Regedza Firepower Device Manager zvinyorwa pamapeji aya.
- Cisco Firepower 2100 Series Getting Start Guide
- Cisco Firepower 4100 Kutanga Gwaro
- Cisco Firepower 9300 Kutanga Gwaro
- Cisco Firepower Kutyisidzira Kudzivirira kweiyo ASA 5508-X uye ASA 5516-X Kushandisa Firepower Management Center Kurumidza Kutanga Guide.
- Cisco Firepower Threat Defense yeASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, uye ASA 5555-X Kushandisa Firepower Management Center Quick Start Guide.
- Cisco Firepower Kutyisidzira Kudzivirira kweiyo ISA 3000 Kushandisa Firepower Management Center Kurumidza Kutanga Gwaro
Zvishandiso zveClassic
- Cisco ASA FirePOWER Module Quick Start Guide
- Cisco Firepower 8000 Series Getting Start Guide
- Cisco Firepower 7000 Series Getting Start Guide
Kuendesa Virtual Zvishandiso
Tevedza nhanho idzi kana kutumira kwako kuchisanganisira midziyo yemagetsi. Shandisa magwaro emugwagwa kuti uwane
mapepa akanyorwa pazasi: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/ firepower-roadmap.html.
Maitiro
- Nhanho 1 Sarudza iwo anotsigirwa chaiwo mapuratifomu auchashandisa eManagement Center nemidziyo (izvi zvingave zvisina kufanana). Ona iyo Cisco Firepower Compatibility Guide.
- Nhanho 2 Deploy virtual Firepower Management Centers pane inotsigirwa yePublic and Private Cloud nharaunda. Ona, Cisco Chengetedza Firewall Management Center Virtual Getting Start Guide.
- Nhanho 3 Tumira chaiwo madhizaini emudziyo wako pane inotsigirwa Yeruzhinji uye Yakavanzika gore nharaunda. Kuti uwane rumwe ruzivo, ona zvinyorwa zvinotevera.
- NGIPSv inomhanya paVMware: Cisco Firepower NGIPSv Quick Start Guide yeVMware
- Cisco Firepower Threat Defense yeASA 5508-X uye ASA 5516-X Kushandisa Firepower Management
Center Quick Start Guide
- Firepower Threat Defense Virtual inomhanya paPublic and Private Cloud nharaunda, ona Cisco Secure Firewall Threat Defense Virtual Getting Start Guide, Version 7.3.
Kupinda Kwekutanga
Usati watanga
- Gadzirira midziyo yako yemagetsi sekutsanangurwa kwazvinoitwa muKuisa uye Kuita Chekutanga Setup paZvishandiso Zvenyama, papeji 2 kana Kuendesa Virtual Appliances, papeji 3.
Maitiro
- Step 1 Pinda muFirepower Management Center web interface ine admin sezita rekushandisa uye Admin123 sepassword. Chinja password yeakaundi iyi sekutsanangurwa kwazvinoitwa muKukurumidza Kutanga Gwaro remudziyo wako.
- Step 2 Seta nguva yenguva yeakaundi iyi sekutsanangurwa kwazvinoitwa muKuseta Yako Default Time Zone.
- Step 3 Wedzera marezinesi sekutsanangurwa kwazvinoitwa muRezinesi iyo Firepower System.
- Nhanho 4 Nyoresa zvishandiso zvinogadziriswa sekutsanangurwa kwazvino wedzera Chishandiso kuFMC.
- Nhanho 5 Gadzirisa zvishandiso zvako zvinogadziriswa sezvinotsanangurwa mu:
- Nhanganyaya kuIPS Deployment uye Configuration, kugadzirisa passive kana inline interfaces pa7000 Series kana 8000 Series zvishandiso.
- Inowanikwa pamusoroview yeFirepower Threat Defense, kugadzirisa pachena kana kufambiswa modhi paFirepower Threat Defense zvishandiso
- Inowanikwa pamusoroview yeFirepower Threat Defense, kugadzirisa mainterfaces paFirepower Threat Defense zvishandiso
Zvekuita zvinotevera
- Tanga kudzora uye kuongorora traffic nekugadzirisa zvakakosha marongero sekutsanangurwa kwazvinoitwa muKumisikidza Basic Policies uye Configurations, papeji 4.
Kumisikidza Basic Policies uye Configurations
Iwe unofanirwa kugadzirisa uye kuendesa masisitimu ekutanga kuti uone data mudhibhodhi, Context Explorer, uye matafura ezviitiko.
Iyi haisi nhaurirano izere yepolicy kana maitiro ezvimiro. Kuti uwane nhungamiro pane mamwe maficha uye mamwe magadzirirwo epamberi, ona mamwe egwaro iri.
Cherechedza
Usati watanga
- Log into the web interface, isa nzvimbo yako yenguva, wedzera marezinesi, rejista zvishandiso, uye gadzirisa zvishandiso sezvakatsanangurwa muLogging In Kekutanga, papeji 3.
Maitiro
- Danho 1 Gadzirisa mutemo wekudzora kupinda sekutsanangurwa kwazvinoitwa muKugadzira Yekutanga Kupinda Kudzora Policy.
- Muzviitiko zvakawanda, Cisco inokurudzira kuseta iyo Balanced Chengetedzo uye Yekubatanidza intrusion mutemo seyako yekusaita chiito. Kuti uwane rumwe ruzivo, ona Access Control Policy Default Action uye System-Yakapiwa Network Analysis uye Intrusion Policies.
- Kazhinji, Cisco inokurudzira kugonesa matanda ekubatanidza kuti asangane nekuchengetedza uye kuteedzera zvinodiwa zvesangano rako. Funga nezve traffic panetiweki yako paunenge uchifunga kuti ndeapi majoini ekupinda kuitira kuti usasanganise zviratidziro zvako kana kuremedza system yako. Kuti uwane rumwe ruzivo, ona About Connection Logging.
- Danho 2 Shandisa iyo system-yakapihwa default health policy sezvakatsanangurwa muKushandisa Health Policies.
- Nhanho 3 Gadzirisa mashoma ehurongwa hwako masisitimu:
- Kana iwe uchida kubvumidza kupinda mukati mesevhisi (yeexample, SNMP kana syslog), shandura zviteshi murunyoro rwekuwana sezvinotsanangurwa muGadzirisa Runyorwa rweKupinda.
- Nzwisisa uye funga kugadzirisa yako dhatabhesi chiitiko miganho sezvakatsanangurwa muKugadzirisa Database Chiitiko Limits.
- Kana iwe uchida kushandura mutauro wekuratidzira, gadzirisa marongero emutauro sezvakatsanangurwa muSeta Mutauro we Web Interface.
- Kana sangano rako richirambidza kupinda kunetiweki uchishandisa sevha yeproxy uye hauna kugadzirisa zvigadziriso zvevamiririri panguva yekutanga kugadzirisa, gadzirisa zvigadziriso zvemumiririri wako sekutsanangurwa kwazvinoitwa muKugadzirisa FMC Management Interfaces.
- Nhanho 4 Gadzirisa yako network yekuwana mutemo sezvakatsanangurwa muKugadzira iyo Network Discovery Policy. Nekusagadzikana, iyo network yekuwana mutemo inoongorora ese traffic pane yako network. Kazhinji, Cisco inopa zano kurambidza kuwanikwa kune kero muRFC 1918.
- Step 5 Funga kugadzirisa aya mamwe marongero akajairika:
- Kana iwe usingade kuratidza meseji pop-ups, dzima zviziviso sezvakatsanangurwa muKugadzirisa Yekuzivisa Behavior.
- Kana iwe uchida kugadziridza iyo yakasarudzika kukosha kune masisitimu akasiyana, nzwisisa mashandisiro azvo sekutsanangurwa kwavo muVariable Sets.
- Kana iwe uchida kugadzirisa iyo Geolocation Database, gadziridza nemaoko kana pane yakarongwa sezvakatsanangurwa muKugadziridza iyo Geolocation Database.
- Kana iwe uchida kugadzira mamwe maakaundi emushandisi akatenderwa munharaunda kuti uwane iyo FMC, ona Wedzera Wemukati Mushandisi pa Web Interface.
- Kana iwe uchida kushandisa LDAP kana RADIUS chekunze chechokwadi kuti ubvumidze kupinda kuFMC, ona Gadzirisa. External Authentication.
- Nhanho 6 Shandisa shanduko yekuchinja; ona Deploy Configuration Changes.
Zvekuita zvinotevera
- Review uye funga kugadzirisa zvimwe zvinotsanangurwa muFirepower Features, papeji 6 uye nemamwe egwaro iri.
Firepower Devices
Mukujaira kutumirwa, akawanda traffic-inobata michina inoshuma kune imwe Firepower Management Center, iyo yaunoshandisa kuita manejimendi, manejimendi, kuongorora, uye kushuma mabasa.
Classic Devices
Zvishandiso zveClassic zvinomhanyisa chizvarwa chinotevera IPS (NGIPS) software. Zvinosanganisira:
- Firepower 7000 akatevedzana uye Firepower 8000 akatevedzana emuviri zvishandiso.
- NGIPSv, yakaitirwa paVMware.
- ASA ine FirePOWER Services, inowanikwa pane yakasarudzwa ASA 5500-X akatevedzana zvishandiso (inosanganisirawo ISA 3000). Iyo ASA inopa yekutanga-mutsara system mutemo, uye yobva yapfuudza traffic kune ASA FirePOWER module yekutsvaga uye yekuwana kutonga.
Ziva kuti iwe unofanirwa kushandisa iyo ASA CLI kana ASDM kugadzirisa iyo ASA-yakavakirwa maficha pane ASA FirePOWER mudziyo. Izvi zvinosanganisira kuwanikwa kwepamusoro kwemudziyo, kushandura, kutenderera, VPN, NAT, zvichingodaro.
Iwe haugone kushandisa iyo FMC kumisikidza ASA FirePOWER nzvimbo, uye iyo FMC GUI hairatidze ASA interfaces kana iyo ASA FirePOWER ichiiswa muSPAN port mode. Zvakare, haugone kushandisa iyo FMC kuvhara, kutangazve, kana neimwe nzira kubata ASA FirePOWER maitiro.
Firepower Inotyisidzira Zvidziviriro Zvishandiso
A Firepower Threat Defense (FTD) mudziyo unotevera-chizvarwa firewall (NGFW) iyo zvakare ine NGIPS kugona. NGFW uye maficha epuratifomu anosanganisira saiti-kune-saiti uye kure yekuwana VPN, yakasimba routing, NAT, clustering, uye kumwe optimizations mukuongorora kwekushandisa uye kutonga kwekuwana.
FTD inowanikwa pane dzakasiyana siyana dzemuviri uye chaiwo mapuratifomu.
Kugarisana
Kuti uwane rumwe ruzivo nezve maneja-chishandiso kuenderana, kusanganisira iyo software inoenderana neyakasiyana mamodheru emudziyo, chaiwo ekutambira nharaunda, anoshanda masisitimu, uye zvichingodaro, ona Cisco Firepower Release Notes uye Cisco Firepower Compatibility Guide.
Firepower Features
Aya matafura anonyora mamwe anowanzo shandiswa Firepower maficha.
Appliance uye System Management Zvimiro
Kuti uwane zvinyorwa zvausina kujaira, ona: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-roadmap.html
| Kana uchida ku… | Gadzirisa... | Sezvakatsanangurwa mu… |
| Tonga maakaundi emushandisi ekupinda mumidziyo yako yeFirepower | Firepower authentication | NezveMaakaundi Emushandisi |
| Tarisa hutano hwesystem hardware uye software | Hutano hwekutarisa mutemo | About Health Monitoring |
| Chengetedza data pachishandiso chako | Backup uye dzorera | Backup uye Dzosera |
| Simudzira kune itsva Firepower vhezheni | System updates | Cisco Firepower Management Center Upgrade Guide, Version 6.0–7.0 |
| Baseline mudziyo wako wepanyama | Dzosera kune zvigadziriso zvefekitari (mufananidzo) | The Cisco Firepower Management Center Kukwidziridza Guide, Version 6.0–7.0, kune runyorwa rwezvinongedzo kune mirairo pakuita patsva kuisa. |
| Gadziridza iyo VDB, intrusion mutemo inogadziridza, kana GeoDB pachishandiso chako | Vulnerability Database (VDB) inogadziridza, intrusion mutemo inogadziridza, kana Geolocation Database (GeoDB) inogadziridza. | System Updates |
| Kana uchida ku… | Gadzirisa... | Sezvakatsanangurwa mu… |
| Nyorera marezinesi kuti utore advantage yerezinesi-inodzorwa mashandiro | Classic kana Smart rezinesi | About Firepower License |
| Iva nechokwadi chekuenderera mberi kwekushanda kwemudziyo | Yakagadziriswa mudziyo kuwanikwa kwepamusoro uye/kana Firepower Management Center yakakwirira kuwanikwa | About 7000 uye 8000 Series mudziyo High Kuwanikwa
Nezve Firepower Kutyisidzira Kudzivirirwa Kwepamusoro Kuwanikwa Nezve Firepower Management Center High Kuwanikwa |
| Sanganisa kugadzirisa zviwanikwa zveakawanda 8000 Series zvishandiso | Device stacking | About Device Stacks |
| Gadzirisa mudziyo wekufambisa traffic pakati pemafano maviri kana anopfuura | Routing | Virtual Routers
Routing Overview yeFirepower Threat Defense |
| Gadzirisa packet switching pakati pemanetiweki maviri kana anopfuura | Kuchinja kwemudziyo | Virtual Swichi
Gadzirisa Bridge Group Interfaces |
| Shandura kero dzepachivande kuita kero dzeveruzhinji kuti uwane mainternet | Kushandura Kero yeNetiweki (NAT) | NAT Policy Configuration
Network Kero Dudziro (NAT) yeFirepower Threat Defense |
| Gadzira mugero wakachengeteka pakati peinochengetedzwa Firepower Threat Defense kana 7000/8000 Series zvishandiso. | Site-to-Site virtual private network (VPN) | VPN Pamusoroview yeFirepower Threat Defense |
| Gadzira nzira dzakachengeteka pakati pevashandisi vari kure uye yakachengetedzwa Firepower Threat
Zvishandiso zvekudzivirira |
Remote Access VPN | VPN Pamusoroview yeFirepower Threat Defense |
| Chikamu chemushandisi kuwana kune inogadziriswa zvishandiso, zvigadziriso, uye zviitiko | Multitenancy uchishandisa domains | Nhanganyaya kune Multitenancy Uchishandisa Domains |
| View uye gadzirisa mudziyo
gadziriso uchishandisa REST API mutengi |
REST API uye REST API
Explorer |
REST API Preferences
Firepower REST API Yekukurumidza Kutanga Gwaro |
| Gadzirisa nyaya | N/A | Troubleshooting iyo System |
Kuwanikwa Kwepamusoro uye Scalability Zvimiro nePlatform
Kugadziriswa kwekuwanikwa kwepamusoro (dzimwe nguva kunonzi failover) inovimbisa kuenderera kwekushanda. Zvirongwa zvakaunganidzwa uye zvakaturikidzana zvinounganidza zvishandiso zvakawanda pamwechete sechinhu chimwe chine musoro, kuwana kuwedzera kwekuwedzera uye redundancy.
| Platform | Kuwanikwa Kwepamusoro | Clustering | Stacking |
| Firepower Management Center | Ehe
Kunze kweMC750 |
— | — |
| Firepower Management Center Virtual | — | — | — |
|
Ehe | — | — |
Firepower Threat Defense:
|
Ehe | Ehe | — |
Firepower Threat Defense Virtual:
|
Ehe | — | — |
Firepower Threat Defense Virtual (gore reruzhinji):
|
— | — | — |
|
Ehe | — | — |
|
Ehe | — | Ehe |
| ASA FirePOWER | — | — | — |
| NGIPSv | — | — | — |
Related Topics
About 7000 uye 8000 Series mudziyo High Kuwanikwa
Nezve Firepower Kutyisidzira Kudzivirirwa Kwepamusoro Kuwanikwa
Nezve Firepower Management Center High Kuwanikwa
Zvimiro zvekuona, Kudzivirira, uye Kugadzira Zvinogona Kutyisidzira
Kuti uwane zvinyorwa zvausina kujaira, ona: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-roadmap.html
| Kana uchida ku… | Gadzirisa... | Sezvakatsanangurwa mu… |
| Ongorora, log, uye tora chiito pane network traffic | Access control policy, mubereki wemamwe mapolicy akati wandei | Nhanganyaya yeAccess Control |
| Vhara kana tarisa kubatana kune kana kubva kuIP kero, URLs, uye/kana mazita emadomasi | Chengetedzo Intelligence mukati memutemo wako wekuwana kutonga | Nezve Security Intelligence |
| Control the webmasaiti anogona kuwanikwa nevashandisi venetwork yako | URL kusefa mukati memitemo yako yemitemo | URL Kusefa |
| Monider yakaipa traffic uye intrusions pane yako network | Intrusion policy | Intrusion Policy Basics |
| Vimba yakavharidzirwa traffic pasina kuongororwa
Ongorora yakavharidzirwa kana decrypted traffic |
SSL mutemo | SSL Mitemo Yaperaview |
| Tailor yakadzama yekuongorora kune yakavharirwa traffic uye kugadzirisa mashandiro nefastpathing | Prefilter policy | Nezve Prefiltering |
| Rate kuganhura network traffic inotenderwa kana kuvimbwa nekutonga kwekuwana | Hunhu hweSevhisi (QoS) mutemo | Pamusoro peQoS Policies |
| Bvumira kana vhara files (kusanganisira malware) panetiweki yako | File/malware policy | File Mitemo uye Dziviriro yeMalware |
| Shandisa data kubva kune kutyisidzira njere masosi | Cisco Threat Intelligence Director (TID) | Kutyisidzira Intelligence Director Overview |
| Gadzirisa kungoita kana inoshanda mushandisi kutendeseka kuita mushandisi kuziva uye kutonga kwemushandisi | Kuziva kwemushandisi, kuzivikanwa kwemushandisi, mitemo yekuzivikanwa | Nezve Mushandisi Identity Source Nezve Identity Policies |
| Unganidza host, application, uye data remushandisi kubva traffic panetiweki yako kuti uite ruzivo rwemushandisi | Network Discovery policy | Overview: Network Discovery Policies |
| Shandisa zvishandiso zvinopfuura Firepower system yako kuunganidza uye kuongorora data nezve network traffic uye zvinogona kutyisidzira | Kubatanidzwa nekunze zvishandiso | Chiitiko Ongororo Uchishandisa Zvekunze Zvishandiso |
| Ita kuona uye kutonga kwekushandisa | Mashandisirwo emagetsi | Overview: Kuonekwa Kwekushandisa |
| Gadzirisa nyaya | N/A | Troubleshooting iyo System |
Kubatanidzwa neZvishandiso Zvekunze
Kuti uwane zvinyorwa zvausina kujaira, ona: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-roadmap.html
| Kana uchida ku… | Gadzirisa... | Sezvakatsanangurwa mu… |
| Tanga kugadzirisa otomatiki kana mamiriro panetiweki yako atyora mutemo wakabatana | Remediations | Nhanganyaya Yekugadzirisa
Firepower System Remediation API Guide |
| Tevedzera chiitiko data kubva kuFirepower Management Center kuenda ku
custom-developed client application |
eStreamer kubatanidzwa | eStreamer Server Kutenderera
Firepower System eStreamer Integration Guide |
| Query database matafura pane Firepower Management Center uchishandisa wechitatu-bato mutengi | Kuwanikwa kwedatabase rekunze | External Database Access Settings
Firepower System Database Access Guide |
| Wedzera data yekuwana nekuunza data kubva kune wechitatu-bato masosi | Kupinza kwemugamuchiri | Host Input Data
Firepower System Host Input API Guide |
| Ongorora zviitiko uchishandisa ekunze chiitiko chekuchengetedza data maturusi uye imwe data
zviwanikwa |
Kubatanidzwa nekunze kwechiitiko chekuongorora maturusi | Chiitiko Ongororo Uchishandisa Zvekunze Zvishandiso |
| Gadzirisa nyaya | N/A | Troubleshooting iyo System |
Kuchinja Domains paFirepower Management Center
Mukutumirwa kwemultidomain, ropafadzo dzemushandisi dzinotarisa kuti ndeapi madomasi anogona kuwanikwa nemushandisi uye kuti ndeapi ropafadzo mushandisi ane mukati meimwe neimwe yeaya madomasi. Iwe unogona kubatanidza account yemushandisi imwechete nemadomasi akawanda uye kupa maruramiro akasiyana emushandisi iyeye mudura rega rega. For example, unogona kugovera mushandisi
maropafadzo ekuverenga-chete muGlobal domain, asi Maropafadzo eMutongi ari mudzinza redzinza.
Vashandisi vane hukama nemadomasi akawanda vanogona kushandura pakati pemadomasi mukati meiyo yakafanana web interface session.
Pasi pezita rako rekushandisa mubhabhu, iyo system inoratidza muti weanowanikwa madomasi. Muti:
- Inoratidza madzitateguru madomasi, asi inogona kumisa kupinda kwairi zvichienderana neropafadzo dzakapihwa kuaccount yako yemushandisi.
- Inoviga chero imwe dhomeini yako yemushandisi account yausingakwanise kuwana, kusanganisira yehama nevazukuru.
Kana iwe uchichinjira kune domain, iyo system inoratidza:
- Data inoenderana neiyo domain chete.
- Sarudzo dzemenu dzakatemerwa nebasa remushandisi rakapihwa iwe kune iyo domain.
Maitiro
Kubva pane yekudonhedza pasi pasi pezita rako remushandisi, sarudza iyo domain yaunoda kuwana.
The Context Menu
Mamwe mapeji muFirepower System web interface inotsigira kudzvanya-kurudyi (kwakawanda) kana kuruboshwe-tinya mamiriro menyu yaunogona kushandisa senzira yekudimbudzira yekuwana mamwe maficha muFirepower System. Zviri mukati memenu yemukati zvinoenderana nekwaunozviwana - kwete peji chete asiwo iyo chaiyo data.
For example:
- IP kero hotspots inopa ruzivo nezve mugadziri ane hukama nekero iyoyo, kusanganisira chero inowanikwa whois uye host profile ruzivo.
- SHA-256 hash kukosha hotspots inobvumidza iwe kuwedzera a file's SHA-256 hash kukosha kune yakachena runyorwa kana tsika yekuona runyorwa, kana view iyo yose hashi kukosha kwekukopa. Pamapeji kana nzvimbo dzisingatsigire Firepower System mamiriro emukati, iyo yakajairika menyu yemukati yebrowser yako inooneka.
Policy Editors
Vazhinji vapepeti vemitemo vane hotspots pamusoro pemutemo wega wega. Iwe unogona kuisa mitemo mitsva uye zvikamu; cheka, kopi, uye unamate mitemo; gadza mutemo wenyika; uye gadzirisa mutemo.
Kupindira Mitemo Mupepeti
Iyo intrusion mitemo edhita ine hotspots pamusoro pemutemo wega wega wekupinda. Iwe unogona kugadzirisa mutemo, kuseta iyo mutemo mamiriro, gadzirisa chikumbaridzo uye kudzvinyirira sarudzo, uye view mutemo zvinyorwa. Sarudzo, mushure mekudzvanya Rule zvinyorwa mumenu yemukati, unogona kudzvanya Rule Documentation mune zvinyorwa pop-up hwindo kuti view zvakawanda-zvakananga mutemo mashoko.
Chiitiko Viewer
Mapeji echiitiko (iyo yekudonha-pasi mapeji uye tafura views inowanikwa pasi peAnalysis menyu) ine hotspots pamusoro pechiitiko chimwe nechimwe, IP kero, URL, DNS mubvunzo, uye chokwadi files' SHA-256 hash kukosha. Apo viewnemhando dzakawanda dzezviitiko, unogona:
- View ruzivo rwakabatana muContext Explorer.
- Dhonza pasi muruzivo rwechiitiko muhwindo idzva.
- View iwo mameseji akazara munzvimbo dzine ndima yechiitiko ine mavara akareba kuti anyatso kuratidzwa muchiitiko view, zvakadai a file's SHA-256 hashi kukosha, tsananguro yekusagadzikana, kana a URL.
- Vhura a web hwindo rebrowser rine ruzivo rwakadzama nezve chinhu kubva kunobva kunze kune Firepower, uchishandisa iyo Contextual Cross-Launch chimiro. Kuti uwane rumwe ruzivo, ona Chiitiko Kuongorora Kushandisa Web-Based Resources.
- (Kana sangano rako rakaisa Cisco Security Packet Analyzer) Ongorora mapaketi ane chekuita nechiitiko. Kuti uwane rumwe ruzivo, ona Chiitiko Kuongorora Uchishandisa Cisco Security Packet Analyzer.
Nepo viewing zviitiko zvekubatanidza, unogona kuwedzera zvinhu kune default Security Intelligence Block uye Usavhare rondedzero:
- IP kero, kubva kune IP kero hotspot.
- A URL kana zita renzvimbo, kubva ku a URL hotspot.
- Mubvunzo weDNS, kubva kuDNS query hotspot.
Nepo viewkutorwa files, file zviitiko, uye malware zviitiko, unogona:
- Wedzera a file kubvisa kana kubvisa a file kubva pane yakachena runyorwa kana tsika yekuona runyorwa.
- Dhaunirodha kopi ye file.
- View nested files mukati me archive file.
- Dhaunirodha dura revabereki file nokuda kwedendere file.
- View the file composition.
- Tumira iyo file yemunharaunda malware uye dynamic analysis.
Nepo viewkana zviitiko zvekupindira, iwe unogona kuita mabasa akafanana kune ayo ari mune intrusion mitemo mupepeti kana intrusion policy:
- Rongedza mutemo wekukonzeresa.
- Seta mutemo wenyika, kusanganisira kudzima mutemo.
- Gadzirisa thresholding uye kudzvinyirira sarudzo.
- View mutemo zvinyorwa. Sarudzo, mushure mekudzvanya Rule zvinyorwa mumenu yemukati, unogona kudzvanya Rule Documentation mune zvinyorwa pop-up hwindo kuti view zvakawanda-zvakananga mutemo mashoko.
Intrusion Chiitiko Packet View
Intrusion chiitiko packet views ine IP kero hotspots. Packet view inoshandisa menyu yekudzvanya-kuruboshwe.
Dashboard
Mazhinji dashboard majeti ane hotspots kune view ruzivo rwakabatana muContext Explorer. Dashboard
majeti anogona zvakare kuve neIP kero uye SHA-256 hash kukosha hotspots.
Context Explorer
Iyo Context Explorer ine hotspots pamusoro pemachati ayo, matafura, uye magirafu. Kana iwe uchida kuongorora data kubva kumagirafu kana rondedzero mune zvakadzama kupfuura iyo Context Explorer inobvumira, unogona kudhiririra pasi patafura. views yedata rakakodzera. Unogonawo view yakabatana host, mushandisi, application, file, uye ruzivo rwemutemo wekupinda.
Iyo Context Explorer inoshandisa menyu yekudzvanya-kuruboshwe, iyo ine zvakare kusefa uye dzimwe sarudzo dzakasiyana neiyo Context Explorer.
Related Topics
Chengetedzo Intelligence Lists uye Feeds
Kugovera Data neCisco
Unogona kusarudza kugovera data neCisco uchishandisa zvinotevera maficha:
- Cisco Kubudirira Network
Ona Cisco Kubudirira Network - Web analytics
Ona (Sarudzo) Sarudza Kubuda Web Analytics Tracking
Firepower Online Rubatsiro, Maitiro, uye Zvinyorwa Unogona kuwana rubatsiro rwepamhepo kubva kune web interface:
- Nekudzvanya chinongedzo chekubatsira chinonzwa pane peji rega rega
- Nekusarudza Rubatsiro > Pamhepo
How To iwijeti inopa mafambiro ekufambisa kuburikidza nemabasa paFirepower Management Center.
Mafambiro anotungamira iwe kuti uite matanho anodiwa kuti uite basa nekukutora iwe nhanho imwe neimwe, imwe mushure meimwe zvisinei neakasiyana UI skrini iwe yaunga famba nayo, kuti upedze basa racho.
Iyo How To widget inogoneswa neiyo default. Kuti udzime widget, sarudza Zvido zveMushandisi kubva pane yekudonhedza pasi pasi pezita rako remushandisi, uye usatarise iyo Gonesa Sei-Tos cheki bhokisi muKuita-Kuita Settings.
Mafambiro acho anowanzo kuwanikwa kune ese maUI mapeji, uye haana-mushandisi-basa-anonzwa. Nekudaro, zvichienderana neropafadzo dzemushandisi, zvimwe zvezvinhu zvemenu hazvizooneke paFirepower Management Center interface. Nekudaro, mafambiro haaite pamapeji akadaro.
Cherechedza
Aya anotevera mafambiro anowanikwa paFirepower Management Center:
- Nyoresa FMC neCisco Smart Account: Iyi nzira inotungamira iwe kunyoresa Firepower Management Center neCisco Smart Account.
- Gadzira Chishandiso uye wochiwedzera kuFMC: Iyi yekufamba inokutungamira kuti umise chishandiso uye kuwedzera chishandiso kuFirepower Management Center.
- Gadzirisa Zuva uye Nguva: Iyi yekufamba inokutungamira kuti ugadzirise zuva uye nguva yeFirepower.
- Kutyisidzira Defence zvishandiso uchishandisa puratifomu marongero.
- Gadzirisa Interface Settings: Iyi yekufamba inotungamira iwe kugadzirisa iyo interfaces paFirepower Threat Defense zvishandiso.
- Gadzira iyo Access Control Policy: Iyo yekuwana yekudzora mutemo ine seti yemitemo yakarairwa, iyo inoongororwa kubva kumusoro kusvika pasi. Iyi walkthrough inotungamira iwe kuti ugadzire iyo yekupinda kutonga mutemo. Wedzera A Access Control Rule - A Feature Walkthrough: Iyi yekufamba inotsanangura zvikamu zve
mutemo wekutonga wekuwana, uye mashandisiro aungaite muFirepower Management Center. - Rongedza Routing Settings: Yakasiyana-siyana nzira maprotocol anotsigirwa neFirepower Threat Defense. A static nzira inotsanangura kwekutumira traffic kune chaiyo yekuenda network. Iyi walkthrough inotungamira iwe kugadzirisa static routing yemidziyo.
- Gadzira NAT Policy - A Feature Walkthrough: Iyi yekufamba inokutungamira iwe kugadzira iyo NAT mutemo uye inokufambisa iwe kuburikidza neakasiyana maficha emutemo weNAT.
Unogona kuwana mamwe magwaro ane chekuita neFirepower system uchishandisa zvinyorwa zvemugwagwa: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-roadmap.html
Yepamusoro-Yepamusoro Zvinyorwa Zvinyorwa Mapeji eFMC Deployments
Zvinyorwa zvinotevera zvinogona kubatsira pakugadzirisa Firepower Management Center deployments, Version 6.0+.
Mamwe emagwaro akabatanidzwa haashande kune Firepower Management Center deployments. For exampuye, mamwe malink paFirepower Threat Defense mapeji akananga kune deployments inotungamirirwa neFirepower Device Manager, uye zvimwe zvinongedzo pamapeji ehardware hazvina hukama neFMC. Kuti udzivise kuvhiringidzika, nyatsoteerera kune zvinyorwa zvinyorwa. Zvakare, mamwe magwaro anovhara zvigadzirwa zvakawanda uye nekudaro anogona kuoneka pamapeji akawanda echigadzirwa.
Firepower Management Center
- Firepower Management Center hardware midziyo: http://www.cisco.com/c/en/us/support/security/defense-center/tsd-products-support-series-home.html
- Firepower Management Center Virtual midziyo: • http://www.cisco.com/c/en/us/support/security/defense-center-virtual-appliance/tsd-products-support-series-home.html • http://www.cisco.com/c/en/us/support/security/defense-center/tsd-products-support-series-home.html
- Firepower Threat Defense, inonziwo NGFW (Inotevera Generation Firewall) zvishandiso
- Firepower Threat Defense software: http://www.cisco.com/c/en/us/support/security/firepower-ngfw/tsd-products-support-series-home.html
- Firepower Threat Defense Virtual: http://www.cisco.com/c/en/us/support/security/firepower-ngfw-virtual/tsd-products-support-series-home.html
- Firepower 4100 series: https://www.cisco.com/c/en/us/support/security/firepower-4100-series/tsd-products-support-series-home.html
- Firepower 9300: https://www.cisco.com/c/en/us/support/security/firepower-9000-series/tsd-products-support-series-home.html
- ISAYA 3000: https://www.cisco.com/c/en/us/support/security/industrial-security-appliance-isa/tsd-products-support-series-home.html
Zvigadzirwa zveClassic, zvinonziwo NGIPS (Next Generation Intrusion Prevention System) zvishandiso
- ASA ine FirePOWER Services:
- ASA 5500-X ine FirePOWER Services: • https://www.cisco.com/c/en/us/support/security/asa-firepower-services/tsd-products-support-series-home.html https://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html
- ISA 3000 ine FirePOWER Services: https://www.cisco.com/c/en/us/support/security/industrial-security-appliance-isa/tsd-products-support-series-home.html
- Firepower 8000 series: https://www.cisco.com/c/en/us/support/security/firepower-8000-series-appliances/tsd-products-support-series-home.html
- Firepower 7000 series: https://www.cisco.com/c/en/us/support/security/firepower-7000-series-appliances/tsd-products-support-series-home.html
- AMP zveNetwork: https://www.cisco.com/c/en/us/support/security/amp-appliances/tsd-products-support-series-home.html
- NGIPSv (chaiyo mudziyo): https://www.cisco.com/c/en/us/support/security/ngips-virtual-appliance/tsd-products-support-series-home.html
Rezinesi Statements mune Gwaro
Chirevo cherezenisi pakutanga kwechikamu chinoratidza kuti ndeipi rezinesi reClass kana Smart raunofanirwa kupa kune inogadziriswa mudziyo muFirepower System kuti igone kugonesa chimiro chakatsanangurwa muchikamu.
Nekuti marezinesi ekugona anowanzo kuwedzera, rezinesi chirevo chinongopa rezinesi repamusoro rinodiwa pane chimwe nechimwe.
Chirevo che "kana" muChirevo cheRezinesi chinoratidza kuti iwe unofanirwa kupa rimwe rezinesi kune yakachengetedzwa mudziyo kuti ugonese chinhu chinotsanangurwa muchikamu, asi rezinesi rekuwedzera rinogona kuwedzera kushanda. For example, mukati a file policy, zvimwe file zviito zvekutonga zvinoda kuti upe rezinesi Redziviriro kumudziyo nepo vamwe vachida kuti upe rezinesi reMalware.
Kuti uwane rumwe ruzivo nezve marezinesi, ona About Firepower License.
Related Topics
About Firepower License
Inotsigirwa Devices Statements in the Documentation
Chirevo cheMidziyo Inotsigirwa panotangira chitsauko kana musoro wenyaya inoratidza kuti chimwe chinhu chinotsigirwa chete pane zvakatsanangurwa zvemudziyo, mhuri, kana modhi. For example, akawanda maficha anotsigirwa chete paFirepower Threat Defense zvishandiso.
Kuti uwane rumwe ruzivo nezve mapuratifomu anotsigirwa nekuburitswa uku, ona zvinyorwa zvekuburitsa.
Access Statements mune Gwaro
Chirevo cheAccess panotangira maitiro ega ega mugwaro rino rinoratidza mabasa akafanotaurwa emushandisi anodiwa kuita maitiro. Chero yemabasa akanyorwa anogona kuita maitiro.
Vashandisi vane mabasa echivanhu vanogona kuve nemvumo seti inosiyana neiyo yebasa rakafanotsanangurwa. Kana basa rakafanorongerwa richishandiswa kuratidza zvinodiwa zvekupinda mukuita, basa retsika rine mvumo yakafanana rinokwanisawo kuwana. Vamwe vashandisi vane mabasa etsika vanogona kushandisa nzira dzakasiyana-siyana dzemenu kuti vasvike mapeji ekugadzirisa. For example, vashandisi vane basa retsika vane chete intrusion policy ropafadzo vanowana iyo network yekuongorora mutemo kuburikidza neiyo intrusion policy pachinzvimbo cheyakajairwa nzira kuburikidza nekupinda kutonga mutemo.
Kuti uwane rumwe ruzivo nezve mabasa emushandisi, ona Mabasa emushandisi uye Gadzirisa Mabasa emushandisi e Web Interface.
Firepower System IP Kero Kokorodzano
Unogona kushandisa IPv4 Classless Inter-Domain Routing (CIDR) notation uye yakafanana IPv6 prefix urefu notation kutsanangura mabhuroki emakero munzvimbo dzakawanda muFirepower System.
Paunoshandisa CIDR kana prefix kureba notation kutsanangura block ye IP kero, iyo Firepower System inoshandisa chete chikamu chetiweki IP kero inotsanangurwa nemask kana prefix kureba. For example, kana ukanyora 10.1.2.3/8, Firepower System inoshandisa 10.0.0.0/8.
Mune mamwe mazwi, kunyangwe Cisco ichikurudzira nzira yakajairwa yekushandisa network IP kero padiki muganhu paunenge uchishandisa CIDR kana prefix kureba notation, iyo Firepower System haidi.
Zvimwe Zvishandiso
Iyo Firewalls Nharaunda inzvimbo yakazara yereferensi yezvinyorwa zvinozadzisa zvinyorwa zvedu zvakakura. Izvi zvinosanganisira zvinongedzo kune 3D modhi yehardware yedu, hardware gadziriso yekusarudza, chigadzirwa chibatiso, gadziriso ex.amples, matambudziko ehunyanzvi hwekugadzirisa manotsi, mavhidhiyo ekudzidzisa, lab uye Cisco Live zvikamu, nhepfenyuro yemagariro, Cisco Blogs uye zvese zvinyorwa zvakaburitswa neTechnical Publications timu.
Vamwe vevanhu vanotumira kunzvimbo dzenharaunda kana mawebhusaiti ekugovana mavhidhiyo, kusanganisira mamodhita, vanoshandira Cisco Systems. Mafungiro anoratidzwa pane iwo masaiti uye mune chero anowirirana zvirevo ndiwo maonero evanyori vekutanga, kwete eCisco. Izvo zvirimo zvinopihwa nekuda kweruzivo chete uye hazvireve kuve kutsigirwa kana kumiririrwa neCisco kana chero bato.
Cherechedza
Mamwe emavhidhiyo, manotsi ehunyanzvi, uye zvinyorwa muFirewalls Nharaunda inonongedza kune ekare mavhezheni eFMC. Yako vhezheni yeFMC uye vhezheni inoratidzwa mumavhidhiyo kana manotsi ehunyanzvi inogona kunge iine misiyano mushandisirwo yemushandisi inoita kuti maitiro asafanane.
Kutanga neFirepower
Zvinyorwa / Zvishandiso
 |
CISCO Yakatanga NeFirepower Kuita Kwekutanga Setup [pdf] Bhuku reMushandisi Yakatanga neFirepower Kuita Kwekutanga Setup, Firepower Kuita Kwekutanga Setup, Kuita Yekutanga Setup, Yekutanga Setup, Setup. |
