What is Cisco Firepower?
- Often referred to as Cisco secure Firepower, this advanced firewall was developed by Cisco to succeed and replace the Cisco ASA firewall line. Cisco Firepower operates on two different codes:
- The ASA (Adaptive Security Appliance) Code
- The FTD (Firepower Threat Defense) Code
The ASA code provides basic software but lacks advanced next-gen and IPS functionalities. In contrast, the next-gen ASA software includes a Firepower module that runs inline on top of the existing ASA architecture. In this setup, ASA offers IPS, malware protection, and URL filtering capabilities through Firepower.
Currently, Cisco Firepower integrates firewall capabilities with Firepower functionalities into a single solution, branded by Cisco as Cisco Secure Firewall.
The Secure Firewall suite delivers various critical capabilities, including:
- Unified Management of Firewalls
- Application Control
- URL Filtering and IPS
- Malware Defense
What is the use of Cisco Firepower?
Cisco Firepower line is designed to help businesses handle their network traffic while complying with network security policies – the guidelines for protecting the business network.
The Cisco Firepower Module runs on ASA devices installed in different cisco secure network segments and monitors network traffic for analysis. When deployed inline, the system can influence traffic flow using access control features that specify how to handle incoming, outgoing, and traversing traffic.
The data collected about network traffic, along with information from Cisco Firepower, helps filter and control traffic based on:
- Simple transport and network layer characteristics, such as source, destination, port, and protocol.
- Latest contextual information, including reputation, risk, business relevance, applications used, and URLs visited.
- Users of Microsoft Active Directory LDAP in your organization.
Each type of traffic inspection and control is performed where it offers the most flexibility and performance. For example, reputation-based blacklisting, which uses data on source and destination, can quickly block prohibited traffic while also detecting and blocking intrusions and exploits.
What are the key capabilities of Cisco Firepower?
The main capabilities of Cisco Firepower are as follows:
- Access Control Policies
- Identifying and Preventing Intrusions
- Advanced Malware Protection and File Control
Access Control Policies
It is a policy-based feature that helps you specify, inspect, and log the traffic allowed to traverse your network. This feature determines how the traffic is handled on your network.
The simplest access control policy uses a default action to handle all traffic. You can set this policy to either block or trust all traffic without further inspection for intrusions.
Alternatively, you can implement a more complex access control policy called blacklist traffic, which is based on Security Intelligence data. This policy includes access control rules that enable granular control over network logging and handling. With this policy, you can manage traffic by security zone, network, geographic location, port, requested URL, application, or user.
Furthermore, each access rule specifies an action that determines whether you monitor, trust, block, or allow the matching traffic.
Identifying and Preventing Intrusions
Advanced Malware Protection and File Control
What are the license conventions for Cisco Firepower?
Are you ready to upgrade your network security with Cisco Firepower modules?