CISCO Started With Firepower Performing Initial Setup User Guide

CISCO Started With Firepower Performing Initial Setup

Specifications

• Product Name: Cisco Firepower
• Product Type: Network Security and Traffic Management
• Deployment Options: Purpose-built platforms or software solution
• Management Interface: Graphical User Interface

Product Usage Instructions

Installing and Performing Initial Setup on Physical Appliances:
Follow these steps to set up a Firepower Management Center on physical appliances:

1. Refer to the Start Guide for detailed installation instructions.

Deploying Virtual Appliances
If deploying virtual appliances, follow these steps:

1. Determine supported virtual platforms for the Management Center and devices.
2. Deploy virtual Firepower Management Centers on Public and Private cloud environments.
3. Deploy virtual devices for your appliance on supported cloud environments.

Logging In for the First Time:
In itial login steps for Firepower Management Center:

1. Log in with default credentials (admin/Admin123).
2. Change the password and set the time zone.
3. Add licenses and register managed devices.

Setting Up Basic Policies and Configurations:
To view data in the dashboard, configure basic policies:

1. Configure basic policies for network security.
2. For advanced configurations, refer to the complete user guide.

FAQ:
Q: How do I access the Firepower Management Center web interface?
A: You can access the web interface by entering the IP address of the Management Center in your web browser.

Getting Started With Firepower

Cisco Firepower is an integrated suite of network security and traffic management products, deployed either on purpose-built platforms or as a software solution. The system is designed to help you handle network traffic in a way that complies with your organization’s security policy—your guidelines for protecting your network.
In a typical deployment, multiple traffic-sensing managed devices installed on network segments monitor traffic for analysis and report to a manager:

• Firepower Management Center
• Firepower Device Manager
  Adaptive Security Device Manager (ASDM)

Managers provide a centralized management console with graphical user interface that you can use to perform administrative, management, analysis, and reporting tasks.
This guide focuses on the Firepower Management Center managing appliance. For information about the Firepower Device Manager or ASA with FirePOWER Services managed via ASDM, see the guides for those management methods.

• Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager
• ASA with FirePOWER Services Local Management Configuration Guide
• Quick Start: Basic Setup, on page 2
• Firepower Devices, on page 5
• Firepower Features, on page 6
• Switching Domains on the Firepower Management Center, on page 10
• The Context Menu, on page 11
• Sharing Data with Cisco, on page 13
• Firepower Online Help, How To, and Documentation, on page 13
• Firepower System IP Address Conventions, on page 16
• Additional Resources, on page 16

Quick Start: Basic Setup

The Firepower feature set is powerful and flexible enough to support basic and advanced configurations. Use the following sections to quickly set up a Firepower Management Center and its managed devices to begin controlling and analyzing traffic.

Installing and Performing Initial Setup on Physical Appliances

Procedure

Install and perform initial setup on all physical appliances using the documentation for your appliance:

• Firepower Management Center
  Cisco Firepower Management Center Getting Started Guide for your hardware model, available from http://www.cisco.com/go/firepower-mc-install

• Firepower Threat Defense managed devices

Important Ignore Firepower Device Manager documents on these pages.

• Cisco Firepower 2100 Series Getting Started Guide
• Cisco Firepower 4100 Getting Started Guide
• Cisco Firepower 9300 Getting Started Guide
• Cisco Firepower Threat Defense for the ASA 5508-X and ASA 5516-X Using Firepower Management Center Quick Start Guide
• Cisco Firepower Threat Defense for the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X Using Firepower Management Center Quick Start Guide
• Cisco Firepower Threat Defense for the ISA 3000 Using Firepower Management Center Quick Start Guide

Classic managed devices

• Cisco ASA FirePOWER Module Quick Start Guide
• Cisco Firepower 8000 Series Getting Started Guide
• Cisco Firepower 7000 Series Getting Started Guide

Deploying Virtual Appliances
Follow these steps if your deployment includes virtual appliances. Use the documentation roadmap to locate
the documents listed below: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/ firepower- roadmap.html.

Procedure

1. Step 1 Determine the supported virtual platforms you will use for the Management Center and devices (these may not be the same). See the Cisco Firepower Compatibility Guide.
2. Step 2 Deploy virtual Firepower Management Centers on the supported Public and Private cloud environment. See, Cisco Secure Firewall Management Center Virtual Getting Started Guide.
3. Step 3 Deploy virtual devices for your appliance on the supported Public and Private cloud environment. For details, see the following documentation.
   • NGIPSv running on VMware: Cisco Firepower NGIPSv Quick Start Guide for VMware
   • Cisco Firepower Threat Defense for the ASA 5508-X and ASA 5516-X Using Firepower Management

Center Quick Start Guide

• Firepower Threat Defense Virtual running on Public and Private cloud environments, see Cisco Secure Firewall Threat Defense Virtual Getting Started Guide, Version 7.3.

Logging In for the First Time

Before you begin

• Prepare your appliances as described in Installing and Performing Initial Setup on Physical Appliances, on page 2 or Deploying Virtual Appliances, on page 3.

Procedure

1. Step 1 Log in to the Firepower Management Center web interface with admin as the username and Admin123 as the password. Change the password for this account as described in the Quick Start Guide for your appliance.
2. Step 2 Set a time zone for this account as described in Setting Your Default Time Zone.
3. Step 3 Add licenses as described in Licensing the Firepower System.
4. Step 4 Register managed devices as described in Add a Device to the FMC.
5. Step 5 Configure your managed devices as described in:
   • Introduction to IPS Device Deployment and Configuration, to configure passive or inline interfaces on 7000 Series or 8000 Series devices
   • Interface Overview for Firepower Threat Defense, to configure transparent or routed mode on Firepower Threat Defense devices

• Interface Overview for Firepower Threat Defense, to configure interfaces on Firepower Threat Defense devices

What to do next

• Begin controlling and analyzing traffic by configuring basic policies as described in Setting Up Basic Policies and Configurations, on page 4.

Setting Up Basic Policies and Configurations
You must configure and deploy basic policies in order to see data in the dashboard, Context Explorer, and event tables.
This is not a full discussion of policy or feature capabilities. For guidance on other features and more advanced configurations, see the rest of this guide.

Note
Before you begin

• Log into the web interface, set your time zone, add licenses, register devices, and configure devices as described in Logging In for the First Time, on page 3.

Procedure

1. Step 1 Configure an access control policy as described in Creating a Basic Access Control Policy.
   • In most cases, Cisco suggests setting the Balanced Security and Connectivity intrusion policy as your default action. For more information, see Access Control Policy Default Action and System-Provided Network Analysis and Intrusion Policies.
   • In most cases, Cisco suggests enabling connection logging to meet the security and compliance needs of your organization. Consider the traffic on your network when deciding which connections to log so that you do not clutter your displays or overwhelm your system. For more information, see About Connection Logging.
2. Step 2 Apply the system-provided default health policy as described in Applying Health Policies.
3. Step 3 Customize a few of your system configuration settings:
   • If you want to allow inbound connections for a service (for example, SNMP or the syslog), modify the ports in the access list as described in Configure an Access List.
   • Understand and consider editing your database event limits as described in Configuring Database Event Limits.
   •  If you want to change the display language, edit the language setting as described in Set the Languagefor the Web Interface.
   • If your organization restricts network access using a proxy serverand you did not configure proxy settings during initial configuration, edit your proxy settings as described in Modify FMC Management Interfaces.
4. Step 4 Customize your network discovery policy as described in Configuring the Network Discovery Policy. By default, the network discovery policy analyzes all traffic on your network. In most cases, Cisco suggests restricting discovery to the addresses in RFC 1918.
5. Step 5 Consider customizing these other common settings:
   • If you do not want to display message center pop-ups, disable notifications as described in Configuring Notification Behavior.
   • If you want to customize the default values for system variables, understand their use as described in Variable Sets.
   • If you want to update the Geolocation Database, update manually or on a scheduled basis as described in Update the Geolocation Database.
   • If you want to create additional locally authenticated user accounts to access the FMC, see Add an Internal User at the Web Interface.
   • If you want to use LDAP or RADIUS external authentication to allow access to the FMC, see Configure E xternal Authentication.
6. Step 6 Deploy configuration changes; see Deploy Configuration Changes.

What to do next

• Review and consider configuring other features described in Firepower Features, on page 6 and the rest of this guide.

Firepower Devices
In a typical deployment, multiple traffic-handling devices report to one Firepower Management Center, which you use to perform administrative, management, analysis, and reporting tasks.

Classic Devices
Classic devices run next-generation IPS (NGIPS) software. They include:

• Firepower 7000 series and Firepower 8000 series physical devices.
• NGIPSv, hosted on VMware.
• ASA with FirePOWER Services, available on select ASA 5500-X series devices (also includes ISA 3000). The ASA provides the first-line system policy, and then passes traffic to an ASA FirePOWER module for discovery and access control.

Note that you must use the ASA CLI or ASDM to configure the ASA-based features on an ASA FirePOWER device. This includes device high availability, switching, routing, VPN, NAT, and so on.
You cannot use the FMC to configure ASA FirePOWER interfaces, and the FMC GUI does not display ASA interfaces when the ASA FirePOWER is deployed in SPAN port mode. Also, you cannot use the FMC to shut down, restart, or otherwise manage ASA FirePOWER processes.

Firepower Threat Defense Devices
A Firepower Threat Defense (FTD) device is a next-generation firewall (NGFW) that also has NGIPS capabilities. NGFW and platform features include site-to- site and remote access VPN, robust routing, NAT, clustering, and other optimizations in application inspection and access control.
FTD is available on a wide range of physical and virtual platforms.

Compatibility
For details on manager-device compatibility, including the software compatible with specific device models, virtual hosting environments, operating systems, and so on, see the Cisco Firepower Release Notes and Cisco Firepower Compatibility Guide.

Firepower Features

These tables list some commonly used Firepower features.

Appliance and System Management Features

To locate unfamiliar documents, see: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower- roadmap.html

About Health Monitoring
Back up data on your appliance| Backup and restore| Backup and Restore
Upgrade to a new Firepower version| System updates| Cisco Firepower Management Center Upgrade Guide, Version 6.0–7.0

Firepower Release Notes

Baseline your physical appliance| Restore to factory defaults (reimage)| The Cisco Firepower Management Center Upgrade Guide, Version 6.0–7.0, for a list of links to instructions on performing fresh installations.
Update the VDB, intrusion rule updates, or GeoDB on your appliance| Vulnerability Database (VDB) updates, intrusion rule updates, or Geolocation Database (GeoDB) updates| System Updates

Series Device High Availability

About Firepower Threat Defense High Availability

About Firepower Management Center High Availability

Combine processing resources of multiple 8000 Series devices| Device stacking| About Device Stacks
Configure a device to route traffic between two or more interfaces| Routing| Virtual Routers

Routing Overview for Firepower Threat Defense

Configure packet switching between two or more networks| Device switching| Virtual Switches

Configure Bridge Group Interfaces

Translate private addresses into public addresses for internet connections| Network Address Translation (NAT)| NAT Policy Configuration

Network Address Translation (NAT) for Firepower Threat Defense

Establish a secure tunnel between managed Firepower Threat Defense or 7000/8000 Series devices| Site-to-Site virtual private network (VPN)| VPN Overview for Firepower Threat Defense
Establish secure tunnels between remote users and managed Firepower Threat

Defense devices

| Remote Access VPN| VPN Overview for Firepower Threat Defense
Segment user access to managed devices, configurations, and events| Multitenancy using domains| Introduction to Multitenancy Using Domains
View and manage appliance

configuration using a REST API client

| REST API and REST API

Explorer

| REST API Preferences

Firepower REST API Quick Start Guide

Troubleshoot issues| N/A| Troubleshooting the System

High Availability and Scalability Features by Platform
High availability configurations (sometimes called failover) ensure continuity of operations. Clustered and stacked configurations group multiple devices together as a single logical device, achieving increased throughput and redundancy.

Except MC750

| —| —
Firepower Management Center Virtual| —| —| —

• Firepower Threat Defense:
• Firepower 2100 series
• ASA 5500-X series
• ISA 3000

| Yes| —| —
Firepower Threat Defense:

• Firepower 4100/9300 chassis

| Yes| Yes| —
Firepower Threat Defense Virtual:

• VMware
• KVM

| Yes| —| —
Firepower Threat Defense Virtual (public cloud):

• AWS
• Azure

| —| —| —

• Firepower 7010, 7020, 7030, 7050
• Firepower 7110, 7115, 7120, 7125
• Firepower 8120, 8130
• AMP 7150, 8050, 8150

| Yes| —| —

• Firepower 8140
• Firepower 8250, 8260, 8270, 8290
• Firepower 8350, 8360, 8370, 8390
• AMP 8350

| Yes| —| Yes
ASA FirePOWER| —| —| —
NGIPSv| —| —| —

Related Topics
About 7000 and 8000 Series Device High Availability
About Firepower Threat Defense High Availability

About Firepower Management Center High Availability

Features for Detecting, Preventing, and Processing Potential Threats
To locate unfamiliar documents, see: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower- roadmap.html

Block or monitor connections to or from IP addresses, URLs, and/or domain names| Security Intelligence within your access control policy| About Security Intelligence
Control the websites that users on your network can access| URL filtering within your policy rules| URL Filtering
Monitor malicious traffic and intrusions on your network| Intrusion policy| Intrusion Policy Basics
Block encrypted traffic without inspection

Inspect encrypted or decrypted traffic

| SSL policy| SSL Policies Overview
Tailor deep inspection to encapsulated traffic and improve performance with fastpathing| Prefilter policy| About Prefiltering
Rate limit network traffic that is allowed or trusted by access control| Quality of Service (QoS) policy| About QoS Policies
Allow or block files (including malware) on your network| File/malware policy| File Policies and Malware Protection
Operationalize data from threat intelligence sources| Cisco Threat Intelligence Director (TID)| Threat Intelligence Director Overview
Configure passive or active user authentication to perform user awareness and user control| User awareness, user identity, identity policies| About User Identity Sources About Identity Policies
Collect host, application, and user data from traffic on your network to perform user awareness| Network Discovery policies| Overview: Network Discovery Policies
Use tools beyond your Firepower system to collect and analyze data about network traffic and potential threats| Integration with external tools| Event Analysis Using External Tools
Perform application detection and control| Application detectors| Overview: Application Detection
Troubleshoot issues| N/A| Troubleshooting the System

Integration with External Tools
To locate unfamiliar documents, see: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower- roadmap.html

Automatically launch remediations when conditions on your network violate an associated policy| Remediations| Introduction to Remediations

Firepower System Remediation API Guide

Stream event data from a Firepower Management Center to a

custom-developed client application

| eStreamer integration| eStreamer Server Streaming

Firepower System eStreamer Integration Guide

Query database tables on a Firepower Management Center using a third-party client| External database access| External Database Access Settings

Firepower System Database Access Guide

Augment discovery data by importing data from third-party sources| Host input| Host Input Data

Firepower System Host Input API Guide

Investigate events using external event data storage tools and other data

resources

| Integration with external event analysis tools| Event Analysis Using External Tools
Troubleshoot issues| N/A| Troubleshooting the System

Switching Domains on the Firepower Management Center
In a multidomain deployment, user role privileges determine which domains a user can access and which privileges the user has within each of those domains. You can associate a single user account with multiple domains and assign different privileges for that user in each domain. For example, you can assign a user
read-only privileges in the Global domain, but Administrator privileges in a descendant domain.
Users associated with multiple domains can switch between domains within the same web interface session.

Under your user name in the toolbar, the system displays a tree of available domains. The tree:

• Displays ancestor domains, but may disable access to them based on the privileges assigned to your user account.
• Hides any other domain your user account cannot access, including sibling and descendant domains.

When you switch to a domain, the system displays:

• Data that is relevant to that domain only.
• Menu options determined by the user role assigned to you for that domain.

Procedure
From the drop-down list under your user name, choose the domain you want to access.

The Context Menu
Certain pages in the Firepower System web interface support a right-click (most common) or left-click context menu that you can use as a shortcut for accessing other features in the Firepower System. The contents of the context menu depend where you access it—not only the page but also the specific data.

For example:

• IP address hotspots provide information about the host associated with that address, including any available whois and host profile information.
• SHA-256 hash value hotspots allow you to add a file’s SHA-256 hash value to the clean list or custom detection list, or view the entire hash value for copying. On pages or locations that do not support the Firepower System context menu, the normal context menu for your browser appears.

Policy Editors
Many policy editors contain hotspots over each rule. You can insert new rules and categories; cut, copy, and paste rules; set the rule state; and edit the rule.

Intrusion Rules Editor
The intrusion rules editor contains hotspots over each intrusion rule. You can edit the rule, set the rule state, configure thresholding and suppression options, and view rule documentation. Optionally, after clicking Rule documentation in the context menu, you can click Rule Documentation in the documentation pop-up window to view more-specific rule details.

Event Viewer
Event pages (the drill-down pages and table views available under the Analysis menu) contain hotspots over each event, IP address, URL, DNS query, and certain files’ SHA-256 hash values. While viewing most event types, you can:

• View related information in the Context Explorer.
• Drill down into event information in a new window.
• View the full text in places where an event field contains text too long to fully display in the event view, such as a file’s SHA-256 hash value, a vulnerability description, or a URL.
• Open a web browser window with detailed information about the element from a source external to Firepower, using the Contextual Cross-Launch feature. For more information, see Event Investigation Using Web-Based Resources.
• (If your organization has deployed Cisco Security Packet Analyzer) Explore packets related to the event. For details, see Event Investigation Using Cisco Security Packet Analyzer.

While viewing connection events, you can add items to the default Security Intelligence Block and Do Not Block lists:

• An IP address, from an IP address hotspot.
• A URL or domain name, from a URL hotspot.
• A DNS query, from a DNS query hotspot.

While viewing captured files, file events, and malware events, you can:

• Add a file to or remove a file from the clean list or custom detection list.
• Download a copy of the file.
• View nested files inside an archive file.
• Download the parent archive file for a nested file.
• View the file composition.
• Submit the file for local malware and dynamic analysis.

While viewing intrusion events, you can perform similar tasks to those in the intrusion rules editor or an intrusion policy:

• Edit the triggering rule.
• Set the rule state, including disabling the rule.
• Configure thresholding and suppression options.
• View rule documentation. Optionally, after clicking Rule documentation in the context menu, you can click Rule Documentation in the documentation pop-up window to view more-specific rule details.

Intrusion Event Packet View
Intrusion event packet views contain IP address hotspots. The packet view uses a left-click context menu.
Dashboard
Many dashboard widgets contain hotspots to view related information in the Context Explorer. Dashboard
widgets can also contain IP address and SHA-256 hash value hotspots.

Context Explorer
The Context Explorer contains hotspots over its charts, tables, and graphs. If you want to examine data from graphs or lists in more detail than the Context Explorer allows, you can drill down to the table views of the relevant data. You can also view related host, user, application, file, and intrusion rule information.
The Context Explorer uses a left-click context menu, which also contains filtering and other options unique to the Context Explorer.

Related Topics
Security Intelligence Lists and Feeds

Sharing Data with Cisco
You can opt to share data with Cisco using the following features:

• Cisco Success Network
  See Cisco Success Network

• Web analytics

See (Optional) Opt Out of Web Analytics Tracking
Firepower Online Help, How To, and Documentation You can reach the online help from the web interface:

• By clicking the context-sensitive help link on each page
• By choosing Help > Online

How To is a widget that provides walkthroughs to navigate through tasks on Firepower Management Center.
The walkthroughs guide you to perform the steps required to achieve a task by taking you through each step, one after the other irrespective of the various UI screens that you may have to navigate, to complete the task.
The How To widget is enabled by default. To disable the widget, choose User Preferences from the drop-down list under your user name, and uncheck the Enable How-Tos check box in How-To Settings.
The walkthroughs are generally available for all UI pages, and are not user- role-sensitive. However, depending on the privileges of the user, some of the menu items will not appear on the Firepower Management Center interface. Thereby, the walkthroughs will not execute on such pages.

Note
The following walkthroughs are available on Firepower Management Center:

• Register FMC with Cisco Smart Account: This walkthrough guides you to register Firepower Management Center with Cisco Smart Account.

• Set up a Device and add it to FMC: This walkthrough guides you to set up a device and to add the device to Firepower Management Center.

• Configure Date and Time: This walkthrough guides you to configure the date and time of the Firepower

• Threat Defense devices using a platform settings policy.

• Configure Interface Settings: This walkthrough guides you to configure the interfaces on the Firepower Threat Defense devices.

• Create an Access Control Policy: An access control policy consists of a set of ordered rules, which are evaluated from top to bottom. This walkthrough guides you to create an access control policy. Add an Access Control Rule – A Feature Walkthrough: This walkthrough describes the components of
  an access control rule, and how you can use them in Firepower Management Center.

• Configure Routing Settings: Various routing protocols are supported by Firepower Threat Defense. A static route defines where to send traffic for specific destination networks. This walkthrough guides you to configure static routing for the devices.

• Create a NAT Policy – A Feature Walkthrough: This walkthrough guides you to create a NAT policy and walks you through the various features of a NAT rule.

You can find additional documentation related to the Firepower system using the documentation roadmap: http://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower- roadmap.html

Top-Level Documentation Listing Pages for FMC Deployments

The following documents may be helpful when configuring Firepower Management Center deployments, Version 6.0+.

Some of the linked documents are not applicable to Firepower Management Center deployments. For example, some links on Firepower Threat Defense pages are specific to deployments managed by Firepower Device Manager, and some links on hardware pages are unrelated to FMC. To avoid confusion, pay careful attention to document titles. Also, some documents cover multiple products and therefore may appear on multiple product pages.

Firepower Management Center

• Firepower Management Center hardware appliances: http://www.cisco.com/c/en/us/support/security/defense-center/tsd-products-support-series-home.html
• Firepower Management Center Virtual appliances: • http://www.cisco.com/c/en/us/support/security/defense-center-virtual-appliance/tsd-products-support-series-home.html • http://www.cisco.com/c/en/us/support/security/defense-center/tsd-products-support-series-home.html
• Firepower Threat Defense, also called NGFW (Next Generation Firewall) devices
• Firepower Threat Defense software: http://www.cisco.com/c/en/us/support/security/firepower-ngfw/tsd-products-support-series-home.html
• Firepower Threat Defense Virtual: http://www.cisco.com/c/en/us/support/security/firepower-ngfw-virtual/tsd-products-support-series-home.html
• Firepower 4100 series: https://www.cisco.com/c/en/us/support/security/firepower-4100-series/tsd-products-support-series-home.html
• Firepower 9300: https://www.cisco.com/c/en/us/support/security/firepower-9000-series/tsd-products-support-series-home.html
• ISA 3000: https://www.cisco.com/c/en/us/support/security/industrial-security-appliance-isa/tsd-products-support-series-home.html

Classic devices, also called NGIPS (Next Generation Intrusion Prevention System) devices

• ASA with FirePOWER Services:
• ASA 5500-X with FirePOWER Services: • https://www.cisco.com/c/en/us/support/security/asa-firepower-services/tsd-products-support-series-home.html https://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html
• ISA 3000 with FirePOWER Services: https://www.cisco.com/c/en/us/support/security/industrial-security-appliance-isa/tsd-products-support-series-home.html
• Firepower 8000 series: https://www.cisco.com/c/en/us/support/security/firepower-8000-series-appliances/tsd-products-support-series-home.html
• Firepower 7000 series: https://www.cisco.com/c/en/us/support/security/firepower-7000-series-appliances/tsd-products-support-series-home.html
• AMP for Networks: https://www.cisco.com/c/en/us/support/security/amp-appliances/tsd-products-support-series-home.html
• NGIPSv (virtual device): https://www.cisco.com/c/en/us/support/security/ngips-virtual-appliance/tsd-products-support-series-home.html

License Statements in the Documentation

The License statement at the beginning of a section indicates which Classic or Smart license you must assign to a managed device in the Firepower System to enable the feature described in the section.
Because licensed capabilities are often additive, the license statement provides only the highest required license for each feature.
An “or” statement in a License statement indicates that you must assign a particular license to the managed device to enable the feature described in the section, but an additional license can add functionality. For example, within a file policy, some file rule actions require that you assign a Protection license to the device while others require that you assign a Malware license.

For more information about licenses, see About Firepower Licenses.

Related Topics
About Firepower Licenses

Supported Devices Statements in the Documentation

The Supported Devices statement at the beginning of a chapter or topic indicates that a feature is supported only on the specified device series, family, or model. For example, many features are supported only on Firepower Threat Defense devices.
For more information on platforms supported by this release, see the release notes.

Access Statements in the Documentation

The Access statement at the beginning of each procedure in this documentation indicates the predefined user roles required to perform the procedure. Any of the listed roles can perform the procedure.
Users with custom roles may have permission sets that differ from those of the predefined roles. When a predefined role is used to indicate access requirements for a procedure, a custom role with similar permissions also has access. Some users with custom roles may use slightly different menu paths to reach configuration pages. For example, users who have a custom role with only intrusion policy privileges access the network analysis policy via the intrusion policy instead of the standard path through the access control policy.
For more information about user roles, see User Roles and Customize User Roles for the Web Interface.

Firepower System IP Address Conventions

You can use IPv4 Classless Inter-Domain Routing (CIDR) notation and the similar IPv6 prefix length notation to define address blocks in many places in the Firepower System.
When you use CIDR or prefix length notation to specify a block of IP addresses, the Firepower System uses only the portion of the network IP address specified by the mask or prefix length. For example, if you type 10.1.2.3/8, the Firepower System uses 10.0.0.0/8.
In other words, although Cisco recommends the standard method of using a network IP address on the bit boundary when using CIDR or prefix length notation, the Firepower System does not require it.

Additional Resources

The Firewalls Community is an exhaustive repository of reference material that complements our extensive documentation. This includes links to 3D models of our hardware, hardware configuration selector, product collateral, configuration examples, troubleshooting tech notes, training videos, lab and Cisco Live sessions, social media channels, Cisco Blogs and all the documentation published by the Technical Publications team.
Some of the individuals posting to community sites or video sharing sites, including the moderators, work for Cisco Systems. Opinions expressed on those sites and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party.

Note
Some of the videos, technical notes, and reference material in the Firewalls Community points to older versions of the FMC. Your version of the FMC and the version referenced in the videos or technical notes might have differences in the user interface that cause the procedures not to be identical.

Getting Started With Firepower

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>