Some great changes in Cisco Firepower and Firepower Threat Defense (FTD) 6.2.2 code just released!
Need a Cisco FTD 6.2.2 hands-on class? www.lammle.com/firepower has it now starting 9/25!
Remote Access VPN, finally! Here’s what we got:
- Management—A simple RA VPN wizard provides quick and easy setup of the following:
  - RA VPN policy configurations, including connection profiles, group policies, address pools, and so on.
  - Secure gateways and interfaces where remote users connect.
  - The AnyConnect client image that users download when they initiate a VPN session using a computer. Mobile devices obtain AnyConnect from their App Store(s).
  - Secured access (SSL)
  - Authenticated and authorized access (AAA authentication)
  - VPN connectivity (split tunneling, DNS, etc.)
  - Monitoring with identity integration (analysis)
- Availability—Firepower Threat Defense high availability, multiple interfaces (dual ISP), and multiple AAA servers are supported.
- Licensing—Smart Licensing, based on the AnyConnect 4.x model, for Apex, Plus, and VPN-only licenses. (NOTE: NO Eval license available for AnyConnect! What a pain!)
Firepower Device Manager on Firepower Threat Defense Virtual for VMware
You can now use FDM to manage FTD Virtual hosted on VMware. Because this is a newly supported implementation for Version 6.2.2, you need to deploy a new virtual device. You cannot update an earlier version of Firepower Threat Defense Virtual and then manage it with Firepower Device Manager.
Cisco Threat Intelligence Director
The Cisco Threat Intelligence Director (TID) operationalizes custom threat intelligence data, helping you aggregate additional intelligence data, configure defensive actions, and analyze threats in your environment.
By ingesting threat intelligence from third-party threat feeds and threat intelligence platforms, TID correlates enriched observations from Cisco security sensors to detect and alert on security incidents. With fewer false positives, you can focus on actual incidents that have been automatically blocked or monitored.
Automatic Application Bypass for Firepower Threat Defense
Needed feature that disappeared for a while! Automatic Application Bypass (AAB) is now available on Firepower Threat Defense devices managed by a Firepower Management Center. Previously, it was only available on non-Firepower Threat Defense devices.
Intelligent Application Bypass “All Applications” Option
When selected, if one of the IAB inspection performance thresholds is met, the system trusts any application that exceeds any flow bypass threshold, regardless of the application type.
Packet Capture at Time of Crash
Previously, the contents of any active capture on Firepower were not saved when the appliance experienced issues. You can now store active capture contents to flash/disk at the time of an appliance crash to facilitate troubleshooting.
Access Control Rule Creation with REST API
Using the REST API, the system now supports bulk access control rule creation. Previously, if you had thousands of rules to create, each rule required its own POST request, which could take anywhere from 5-10 seconds to complete. Now, you can submit all of these rules in a single POST request, greatly reducing the amount of time it takes to perform this action.
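Here is what that looks like in practice, as an added example that is not Cisco's code and not from the page: a small Python client that builds AccessRule objects, checks them locally (allowed action values, no duplicate names) so a bad rule is caught before anything is sent, and submits them in batches with the bulk query parameter rather than one POST per rule. The endpoint path, the `bulk=true` parameter, the `X-auth-access-token` header, and the action values are my reading of the FMC REST API and should be checked against the API Explorer on your FMC; the host, domain and policy IDs are placeholders, the batch size is an assumed limit, and `simulated_post` is a constructed offline stand-in for the FMC so the script runs without a device.

```python
"""Bulk access-control rule creation through the FMC REST API.

Added example (not Cisco's code). Assumed FMC REST API details, to be
checked against the API Explorer on your FMC:
  - auth token goes in the X-auth-access-token request header
  - rules: POST .../policy/accesspolicies/{policy}/accessrules?bulk=true
    with a JSON array body instead of a single AccessRule object
"""
import json
import ssl
import urllib.error
import urllib.request
from collections import Counter
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Assumed valid AccessRule.action values for the FMC API.
VALID_ACTIONS = {"ALLOW", "TRUST", "MONITOR", "BLOCK", "BLOCK_RESET",
                 "BLOCK_INTERACTIVE", "BLOCK_RESET_INTERACTIVE"}

BULK_RULES_PATH = ("/api/fmc_config/v1/domain/{domain}/policy/"
                   "accesspolicies/{policy}/accessrules?bulk=true")

# A poster takes (url, list_of_rules) and returns (http_status, parsed_json).
Poster = Callable[[str, List[Dict]], Tuple[int, Dict]]


def build_rule(name: str, action: str = "ALLOW",
               src_zone_id: Optional[str] = None,
               dst_zone_id: Optional[str] = None, log: bool = True) -> Dict:
    """Build one AccessRule object; zones are optional (any-to-any otherwise)."""
    if action not in VALID_ACTIONS:
        raise ValueError(f"unsupported action {action!r}")
    rule = {"type": "AccessRule", "name": name, "action": action,
            "enabled": True, "logBegin": log, "sendEventsToFMC": log}
    if src_zone_id:
        rule["sourceZones"] = {"objects": [{"type": "SecurityZone", "id": src_zone_id}]}
    if dst_zone_id:
        rule["destinationZones"] = {"objects": [{"type": "SecurityZone", "id": dst_zone_id}]}
    return rule


def chunked(items: List[Dict], size: int) -> Iterable[List[Dict]]:
    """Yield consecutive slices of at most `size` items."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def bulk_create_rules(post: Poster, base_url: str, domain_uuid: str,
                      policy_id: str, rules: List[Dict],
                      batch_size: int = 500) -> List[Dict]:
    """POST rules in batches of batch_size; returns the created rule objects.

    Rule names must be unique within a policy, so duplicates are rejected
    here before any request leaves the box. batch_size is an assumed per-request
    limit; adjust it to what your FMC version accepts.
    """
    dupes = sorted(n for n, c in Counter(r["name"] for r in rules).items() if c > 1)
    if dupes:
        raise ValueError(f"duplicate rule names: {dupes}")
    url = base_url + BULK_RULES_PATH.format(domain=domain_uuid, policy=policy_id)
    created: List[Dict] = []
    for batch in chunked(rules, batch_size):
        status, body = post(url, batch)
        if status not in (200, 201, 202):
            raise RuntimeError(f"bulk POST failed with HTTP {status}: {body}")
        created.extend(body.get("items", []))
    return created


def make_fmc_poster(token: str, ca_bundle: Optional[str] = None) -> Poster:
    """Real transport (not exercised offline): JSON POST with the FMC auth header.

    TLS is verified against the system store or the CA bundle you pass in;
    do not disable verification for a device that holds your access policy.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)

    def post(url: str, batch: List[Dict]) -> Tuple[int, Dict]:
        req = urllib.request.Request(
            url, data=json.dumps(batch).encode(), method="POST",
            headers={"Content-Type": "application/json",
                     "X-auth-access-token": token})
        try:
            with urllib.request.urlopen(req, context=ctx) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            raw = err.read()
            try:
                return err.code, json.loads(raw)
            except ValueError:
                return err.code, {"raw": raw.decode(errors="replace")}
    return post


def simulated_post(url: str, batch: List[Dict]) -> Tuple[int, Dict]:
    """Constructed offline stand-in for the FMC: echoes each rule back with an id."""
    items = [dict(rule, id=f"sim-{rule['name']}") for rule in batch]
    return 201, {"items": items}


if __name__ == "__main__":
    # Placeholders: replace with your FMC base URL, domain UUID and policy ID.
    rules = [build_rule(f"web-{i}", "ALLOW", src_zone_id="zone-inside") for i in range(1200)]
    created = bulk_create_rules(simulated_post, "https://fmc.example.net",
                                "DOMAIN-UUID-PLACEHOLDER", "POLICY-ID-PLACEHOLDER", rules)
    print(f"created {len(created)} rules in {-(-len(rules) // 500)} bulk requests")
```

To run it against a real FMC, obtain a token from the generatetoken endpoint and pass `make_fmc_poster(token)` in place of `simulated_post`; the batching and local validation stay the same. The injectable `post` callable is what keeps the logic testable without a device.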
There’s some other minor stuff, but I listed the new cool ones!