- ページ 4
ネットワーク・ハードウェア Cisco Secure Firewall 3120のPDF はじめにをオンラインで閲覧またはダウンロードできます。Cisco Secure Firewall 3120 42 ページ。
New Features in FDM/FTD Version 7.1.0
Feature
Firewall and IPS Features
Network Analysis Policy (NAP)
configuration for Snort 3.
Manual NAT support for
fully-qualified domain name
(FQDN) objects as the translated
destination.
Improved active authentication for
identity rules.
VPN Features
Backup remote peers for site-to-site
VPN.
Getting Started
4
Description
You can use FDM to configure the Network Analysis Policy (NAP)
when running Snort 3. Network analysis policies control traffic
preprocessing inspection. Inspectors prepare traffic to be further
inspected by normalizing traffic and identifying protocol anomalies.
You can select which NAP is used for all traffic, and customize the
settings to work best with the traffic in your network. You cannot
configure the NAP when running Snort 2.
We added the Network Analysis Policy to the Policies > Intrusion
settings dialog box, with an embedded JSON editor to allow direct
changes, and other features to let you upload overrides, or download
the ones you create.
You can use an FQDN network object, such as one specifying
www.example.com, as the translated destination address in manual NAT
rules. The system configures the rule based on the IP address returned
from the DNS server.
You can configure active authentication for identity policy rules to
redirect the user's authentication to a fully-qualified domain name
(FQDN) rather than the IP address of the interface through which the
user's connection enters the device. The FQDN must resolve to the IP
address of one of the interfaces on the device. By using an FQDN, you
can assign a certificate for active authentication that the client will
recognize, thus avoiding the untrusted certificate warning users get when
being redirected to an IP address. The certificate can specify the FQDN,
a wildcard FQDN, or multiple FQDNs in the Subject Alternate Names
(SAN) in the certificate.
We added the Redirect to Host Name option in the identity policy
settings.
You can configure a site-to-site VPN connection to include remote
backup peers. If the primary remote peer is unavailable, the system will
try to re-establish the VPN connection using one of the backup peers.
You can configure separate pre-shared keys or certificates for each
backup peer. Backup peers are supported for policy-based connections
only, and are not available for route-based (virtual tunnel interface)
connections.
We updated the site-to-site VPN wizard to include backup peer
configuration.
Getting Started