Cisco has released a new code for their Firepower devices and the first thing you’ll notice is how they updated the login page, which is a nice change from the legacy.
Be forewarned that the new 6.5 code uses a new hardened password and it cannot be recovered, so be careful here!
Next, you will be asked if you want to license the device, but that’s it – no more time consuming configuration before you are let into the FMC. Why? The reason you had to configure the FMC with DNS addresses and search domains in previous codes is because they had the NTP server of the FMC set with a hostname and still do, so the NTP name had to be resolved. In 6.5 they have added the Umbrellas IP address in the FMC management settings, which solved that issue and we no longer need any pre-configurations. This makes logging in the first time to a new FMC at least 10 minutes faster.
One of the nice features is the new dropdown menus that are easier to traverse than the legacy screen. Here is a shot of the Analysis drop down menu.
However, once this novelty wears off, you’ll be switching back to the Classic screen which can easily be changed in the User / User Preferences
Why change back? Although the new GUI is intuitive and it’s easier to traverse in some or even most ways, it is for sure much, much slower, and if you work on the Firepower Management Center (FMC) even a few hours a week, you are already at your your wits limits with delays in the Analysis screens. However, be sure to check out the new GUI, which has been decided to be disabled by default for now.
So what’s deprecated with 6.5?
…well, the System>Integration>Identity Sources shows the following now, so it’s not gone yet:
The SourceFire User Agent (also referred to as Firepower User Agent) is a mid 1990’s supplicant that worked well, but need to be replaces. I already have most of my customer on PxGrid and you should be as well, but I believe the Defense Orcastrater will also possible be a solution here.
So what’s are the new features with 6.5?
First and foremost, there is a great migration feature that can be used to transfer a vFMC to a hardware FMC, for example. This is long overdue! However, there is a big caveat here: You can only migrate to a new FMC such as 1600/2600/4600/v300…that is somewhat disappointing, but this is still a welcome new feature.
Secondly, there is a new URL Category and Reputation process now done through Talos and not Brightcloud, and it’s really good. I’ve tested this thoroughly and had no issues.
Notice that Query Cisco Cloud for Unknown URLs have been enabled since 6.3, but you can dispute a URL category and reputation, which I’ve had to do with Brightcloud for many customers and my own home page as well.
Now you’ll see the new Categories and Reputations listed in the URL tab on a rule in the ACP
In Connection Events the new URL Categories and Reputations are displayed
Now you can find all the new categories at talosintelligence.com. Go to Reputation Center and choose Categories. You’ll then get a list of all the Categories and the new Reputations listed, along with some sample sites for each Category as shown below.
So for me, there was not a lot of big changes from 6.4 to 6.5, mostly because I didn’t work on the new REST API, Firepower Device Manager (FDM) and ASDM updates, which is where the biggest changes are. I’d certinaly like to list more new features here, but this post is already getting too long…We did test a new snort version as well, but that was pushed out to a later version. Again, the migration feature from one FMC to a different FMC is a really great feature of 6.5.
In conclusion: I beat the hell out of 6.5 with my own production network that has 60 clients on it, and I can recommend this code. Understand that I tested this with the policies and configurations that I use at my clients every day. I tested every policy on the FMC throughly with 6.5.
UPDATE 10/24/19: There is a NAT bug in 6.5, so please be aware of this before you upgrade!
Here is what I used to test 6.5 code for about the last 3 months:
- Two Cisco 2500 FMCs
- Twenty Virtual FMC’s, half I upgraded from 6.4 and the other half I installed new
- Two (unnamed) FTD devices in HA with 10Gig links, and boy are these awesome devices! Cisco’s going to have to try and pry them out of my hands when they want them back! Can’t wait till I can tell you about them in Mid Nov.
- Dozens of virtual FTD’s, half I upgraded and half I installed new
- Two FTD 1010’s in HA that are my favorite devices by far, and these little bad boys are going to change everything! These really needed to be out two years ago….On a 1010, each port can be either layer 2 or 3, has PoE, IBR, and up to to 60 logical routed ports for VLANs, subineterface, Etherchannel, and a lot more. I’m going to do a vblog on the 1010’s shortly….in the meantime, here is my awesome 1010…notice the two 0.6A PoE ports 7 & 8 on the right…
- Two 4140’s that really handles 6.5 with both FXOS and FTD with no issues. Powerful FTD boxes. Period.
Check out www.lammle.com for the latest in advanced Cisco products, videos and classes for Firepower/FTD with 6.5 code, ISE, IOS XR, AMP, the new NA/NP, Amazon AWS and more!