Cloud, Data Center, Security

Cisco Firepower 6.6 Update

Cisco Firepower 6.6 Update

What’s new in 6.6 (FMC)?

Cisco launched the new Cisco Firepower 6.6 release with a lot’s of improvements, new features, and more integrations.

  • Administrative and Troubleshooting Features
    • FDM direct support for Precision Time Protocol (PTP) configuration for ISA 3000 devices.
    • Trust chain validation for the FDM management web server certificate.
    • Support for encrypting backup files.
    • Support for selecting which events to send to the Cisco cloud for use by cloud services.
    • FTD REST API version 5 (v5).
  • Firepower Threat Defense: Clustering
    • Multi-instance clustering
    • Parallel configuration sync to slave units in FTD clusters
    • Messages for cluster join failure or eviction added to show cluster history
    • Firepower Threat Defense: Routing
    • Virtual routers and VRF-Lite
  • Administration
    • FMC web interface Light theme
    • New options for deploying configuration changes
    • Initial configuration updates the VDB and schedules SRU updates
    • Display time remaining for upgrades
    • VDB match no longer required to restore FMC
    • Default HTTPS server certificate renewals have 800 day lifespans
    • HTTPS certificates with subject alternative name (SAN)
    • Real names associated with FMC user account
  • Firepower Threat Defense: VPN
    • DTLS 1.2 in remote access VPN
    • Site-to-site VPN IKEv2 support for multiple peers
  • Security Policies
    • Usability enhancements for security policies
    • Object group search for access control policies
    • Time-based rules in access control and prefilter policies
    • Egress optimization re-enabled
  • Firepower Threat Defense: Device Management
    • Obtain initial management interface IP address using DHCP
    • Configure MTU values in CLI
    • Get upgrade packages from an internal web server
    • Connection-based troubleshooting enhancements
  • Event Analysis
    • New datastore improves performance
    • Wildcard support when searching connection and Security Intelligence events for URLs
    • Monitor up to 300,000 concurrent user sessions with FTD devices
    • Integration with IBM QRadar
  • Hardware and Virtual Hardware
    • Larger instances for AWS deployments
    • Autoscale for cloud-based FTDv deployments
  • FMC REST API
    • New REST API capabilities
    • Changed REST API service name for extended access lists

The Cisco Firepower Management Center provides extensive intelligence about the users, applications, devices, threats, and vulnerabilities that exist in your network.

What’s new in 6.6 (FTD/FDM)?

  • Platform features
    • FDM support for Firepower Threat Defense Virtual for the Amazon Web Services (AWS) Cloud.
  • Firewall and IPS Features
    • Ability to enable intrusion rules that are disabled by default.
    • Intrusion Detection System (IDS) mode for the intrusion policy.Support for manually uploading Vulnerability Database (VDB), Geolocation Database, and Intrusion Rule update packages.
    • FTD API support for access control rules that are limited based on time.Object group search for access control policies.
  • VPN Features
    • Backup peer for site-to-site VPN. (FTD API only.)
    • Support for Datagram Transport Layer Security (DTLS) 1.2 in remote access VPN.
    • Deprecated support for less secure Diffie-Hellman groups, and encryption and hash algorithms.
  • Routing Features
    • Virtual routers and Virtual Routing and Forwarding (VRF)-Lite.
    • OSPF and BGP configuration moved to the Routing pages.
  • Licensing Features
    • Smart Licensing and Cloud Services enrollment are now separate, and you can manage your enrollments separately.
    • Support for Permanent License Reservation.
  • High Availability Features
    • The restriction for externally authenticated users logging into the standby unit of a high availability (HA) pair has been removed.
    • Change to how interfaces are handled by the BreakHAStatus resource in the FTD API.
    • The last failure reason for High Availability problems is now displayed on the High Availability page.
  • Interface Features
    • PPPoE Support
    • Management Interface acts as a DHCP client by default
    • HTTP proxy support for FDM management connections.
    • Set the MTU for the Management interface

To keep the bad guys out of your network, you’ve got to think and act one step ahead. That’s exactly what the threat-focused Cisco next-generation firewall was built to do. Join Cisco security experts now and get a firsthand look at the hardware, software, and management that make up this fully integrated solution.

How to upgrade it to the latest release?

 

The upgrade of the FMC/ASDM/FDM has to be done first than the ASA FirePower modules or Firepower Devices before you move to the FMC. Please consult the documentation to upgrade to Firepower 6.6

Cisco Defense Orchestrator Learn More

Cisco Defence Orchestrator Security policy management allows a network operations team to easily manage policies across your Cisco security products. CDO is a cloud based application which orchestrates policies in one spot to keep your company protected against the latest threats.

Related Posts