Cisco Firepower Management Center 3500 Getting Started Guide - Page 18
Getting Started Guide for the Cisco Firepower Management Center 3500 server. 42 pages.
Individual User Accounts
After you complete the initial setup, the only user on the system is the admin user, which has the Administrator
role and access. Users with that role have full menu and configuration access to the system, including via the
shell or CLI. Cisco recommends that you limit the use of the admin account (and the Administrator role) for
security and auditing reasons.
Note:
The admin accounts for accessing a Firepower Management Center via the shell versus accessing a
Firepower Management Center via the web interface are not the same, and may use different passwords.
Creating a separate account for each person who will use the system allows your organization not only to audit
actions and changes made by each user, but also to limit each person's associated user access role or roles.
This is especially important on the Management Center, where you perform most of your configuration and
analysis tasks. For example, an analyst needs access to event data to analyze the security of your network,
but may not require access to administrative functions for the deployment.
The system includes ten predefined user roles designed for a variety of administrators and analysts. You can
also create custom user roles with specialized access privileges.
Device Registration
For all Firepower versions you can register devices to the FMC after completing the FMC initial setup.
Note:
If you are using a Firepower System version previous to 6.0, you can add 7000 and 8000 Series devices to
the Management Center during the initial setup process; see Device Registration, page 16 for information.
A Firepower Management Center can manage any device, physical or virtual, currently supported by your version
of the Firepower System. Depending on your Firepower version this may include:
Firepower 7000 and 8000 Series appliances—physical devices purpose-built for the Firepower System.
Firepower 7000 and 8000 Series devices have a range of throughputs, but share most of the same
capabilities. In general, 8000 Series devices are more powerful than 7000 Series devices; they also support
additional features such as 8000 Series fastpath rules, link aggregation, and stacking. You must configure
remote management on the device before you can register the device to a Firepower Management Center.
NGIPSv—a 64-bit virtual device deployed in the VMware vSphere environment. NGIPSv devices do not support
any of the system's hardware-based features such as redundancy and resource sharing, switching, and
routing.
Cisco ASA with FirePOWER Services (or an ASA FirePOWER module)—provides the first-line system policy
and passes traffic to the Firepower System for discovery and access control. However, you cannot use the
Firepower Management Center web interface to configure ASA FirePOWER interfaces. Cisco ASA with
FirePOWER Services has a software and command line interface (CLI) unique to the ASA platform to install
the system and to perform other platform-specific administrative tasks.
Firepower Threat Defense—provides a unified next-generation firewall and next-generation IPS device.
Firepower Threat Defense Virtual—a 64-bit virtual device that is designed to work in multiple hypervisor
environments, reduce administrative overhead, and increase operational efficiency.
To register managed devices to a Firepower Management Center, see the device management information in the
Firepower Management Center Configuration Guide for your software version. For information on compatibility
among Firepower devices and software versions, see the Cisco Firepower Compatibility Guide.
Health and System Policies
By default, all appliances have an initial system policy applied. The system policy governs settings that are
likely to be similar for multiple appliances in a deployment, such as mail relay host preferences and time
synchronization settings. Cisco recommends that you use the Management Center to apply the same system
policy to itself and all the devices it manages.
Cisco Firepower Management Center Getting Started Guide
Administration Recommendations