October 20, 2022
Support for Configuring Next-Hop IP Addresses in a Policy-based Route Map
Policy-Based Routing (PBR) helps route network traffic for specified applications based on your priorities, such as source port, destination address, destination port, protocol, applications, or a combination of these objects, rather than by destination network criteria. For example, you can use PBR to route your high-priority network traffic over a high-bandwidth, expensive link and your lower-priority network traffic over a lower-bandwidth, lower-cost link.
The cloud-delivered Firewall Management Center now supports defining next-hop IP addresses when creating a policy-based route map. See About Policy Based Routing and Configure Policy-Based Routing Policy in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
URL Filtering Enhancements
URL filtering lets you control which websites the users on your network can access. You can filter websites based on category and reputation, for which your device needs a URL-filtering license, or manually by specifying URLs. Category and reputation-based filtering, the quicker and smarter way to filter URLs, uses Cisco's up-to-date threat intelligence information and is highly recommended.
The cloud-delivered Firewall Management Center can now query for up-to-date URL category and reputation information directly from the Cisco Talos cloud instead of using the local database information. The local database gets updated every 24 to 48 hours. See URL Filtering Options in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for detailed information.
Umbrella Tunnel Integration with Secure Firewall Threat Defense using Cloud-delivered Firewall Management Center
You can now automatically deploy IPsec IKEv2 tunnels to Umbrella from a threat defense device using cloud-delivered Firewall Management Center. This tunnel forwards all internet-bound traffic to the Umbrella Secure Internet Gateway (SIG) for inspection and filtering. Create a SASE topology, a new type of static VTI-based site-to-site VPN topology, using a simple wizard to configure and deploy the Umbrella tunnels.
See About Umbrella SASE Topology in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
Support for Remote Access VPN Policy in FTD to Cloud Migration
CDO now imports the remote access VPN policy during the migration of the FTD to cloud.
See Migrate FTD to Cloud in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
Migrate Flex Configured Routing Policies
Cloud-Delivered Firewall Management Center now supports the migration of Flex configured ECMP, VxLAN, and EIGRP policies using the Migration Config option in the user interface.
See Migrating FlexConfig Policies in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
Smart Licensing Standardization
The license names used by cloud-delivered Firewall Management Center have been changed.
Old Name | is now | New Name |
---|---|---|
Base | is now | Essentials |
Threat | is now | IPS |
Malware | is now | Malware Defense |
RA VPN/AnyConnect License | is now | Cisco Secure Client |
AnyConnect Plus | is now | Secure Client Advantage |
AnyConnect Apex | is now | Secure Client Premier |
AnyConnect Apex and Plus | is now | Secure Client Premier and Advantage |
AnyConnect VPN Only | is now | Secure Client VPN Only |
See License Types and Restrictions in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.