| | | | |

Fulfilling Prerequisites – Cisco Firewall Deployment in Routed Mode

Fulfilling Prerequisites Do you remember the last part of the threat defense installation and initialization process? During the initialization, the threat defense prompts to confirm the firewall mode, and you can select between routed mode and transparent mode (see Example 4-1). If you selected routed mode during the system initialization, you can skip this section…

Virtual Network for Management Traffic – Cisco Deployment of Secure Firewall Virtual

Virtual Network for Management Traffic A management center virtual appliance requires only one interface for management communication, whereas a threat defense virtual appliance requires at least four interfaces—one interface for management communication and three interfaces for traffic inspection. The virtual network interfaces are predefined in the ESXi and VI templates. However, before you attempt to…

Best Practices – Cisco Deployment of Secure Firewall Virtual

Best Practices Best practices for deploying a Secure Firewall virtual appliance on VMware ESXi are as follows: After you download the appropriate file for a Secure Firewall virtual appliance from cisco.com, always verify the checksum of the file you have downloaded to confirm that the file is not corrupt and has not been modified during…

Software Package Selection – Cisco Deployment of Secure Firewall Virtual

Software Package Selection In a Secure Firewall deployment, the management center software version should be equal to or greater than the version running on its managed threat defense devices. For example, if you deploy a threat defense with Version 7.0, its remote manager—the management center—must be running Version 7.0 or greater. You must choose the…

Virtual Resource Allocation – Cisco Deployment of Secure Firewall Virtual

Virtual Resource Allocation A virtual appliance obtains its memory, virtual processor, and storage from the resource pools of its host server. The performance of a virtual appliance is subject to the resources you allocate from that resource pool. For optimal performance, you should always consider allocating the Cisco recommended number of resources to your Secure…

Cisco Secure Firewall on a Virtual Platform – Cisco Deployment of Secure Firewall Virtual

Cisco Secure Firewall on a Virtual Platform The Cisco Secure Firewall components—both management center and threat defense—are fully interoperable with any hardware and virtual appliance models. For example, you can deploy a management center in a virtual environment while its threat defense devices may be based on Cisco hardware, or vice versa. Deployment of Secure…

“Do I Know This Already?” Quiz – Cisco Deployment of Secure Firewall Virtual

“Do I Know This Already?” Quiz The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read…

High Availability – Cisco Introduction to Cisco Secure Firewall and IPS

High Availability The high availability capability of Secure Firewall enables you to ensure business continuity during an unplanned outage. You can enable high availability on both Secure Firewall components—management center and threat defense. Both participating peers in a high availability pair must be the same model and be running the same software version. In a…

Clustering – Cisco Introduction to Cisco Secure Firewall and IPS

Clustering As your organization grows, your Secure Firewall deployment can also expand to support its network growth. If you are running a higher Cisco Secure Firewall model, you do not need to replace your existing devices for additional horsepower; you can simply add extra threat defense devices to your existing deployment and group them into…

Software and Hardware Architecture – Cisco Introduction to Cisco Secure Firewall and IPS

Software and Hardware Architecture Right after acquisition, Cisco integrated Sourcefire’s next-generation security technologies on Cisco’s existing firewall solutions, called the Adaptive Security Appliances (ASA). In that early implementation, Sourcefire technologies were running as a separate service module. Later, Cisco designed new hardware platforms to support Sourcefire technologies natively. They are named Cisco Firepower, which was…