History for Interfaces

Feature

Minimum Management Center

Minimum Threat Defense

Details

Loopback and Management type interface group objects

7.4.0

7.4.0

You can now create interface group objects that include only management-only interfaces or only loopback interfaces. You can then use these groups for management features such as DNS servers, HTTP access, or SSH. Loopback groups are supported for any feature that supports loopback interfaces. Note that DNS does not support management interfaces.

New/Modified screens: Objects > Object Management > Interface > Add > Interface Group

Merged Management and Diagnostic interfaces

7.4.0

7.4.0

For new devices using 7.4 and later, you cannot use the legacy Diagnostic interface. Only the merged Management interface is available. If you upgraded to 7.4 or later, and you did not have any configuration for the Diagnostic interface, then the interfaces will merge automatically.

If you upgraded to 7.4 or later, and you have configuration for the Diagnostic interface, then you have the choice to merge the interfaces manually, or you can continue to use the separate Diagnostic interface. Note that support for the Diagnostic interface will be removed in a later release, so you should plan to merge the interfaces as soon as possible.

Merged mode also changes the behavior of AAA traffic to use the data routing table by default. The management-only routing table can now only be used if you specify the management-only interface (including Management) in the configuration.

New/Modified screens: Devices > Device Management > Interfaces

New/Modified commands: show management-interface convergence

Default Forward Error Correction (FEC) on Secure Firewall 3100 fixed ports changed to Clause 108 RS-FEC from Clause 74 FC-FEC for 25 GB+ SR, CSR, and LR transceivers

7.2.4

7.2.4

When you set the FEC to Auto on the Secure Firewall 3100 fixed ports, the default type is now set to Clause 108 RS-FEC instead of Clause 74 FC-FEC for 25 GB+ SR, CSR, and LR transceivers.

LLDP support for the Firepower 2100, Secure Firewall 3100

7.2.0

7.2.0

You can enable Link Layer Discovery Protocol (LLDP) for Firepower 2100 and Secure Firewall 3100 interfaces.

New/Modified screens:

Devices > Device Management > Interfaces > Hardware Configuration > Network Connectivity

New/Modified commands: show lldp status, show lldp neighbors, show lldp statistics

Pause Frames for Flow Control for the Secure Firewall 3100

7.2.0

7.2.0

If you have a traffic burst, dropped packets can occur if the burst exceeds the buffering capacity of the FIFO buffer on the NIC and the receive ring buffers. Enabling pause frames for flow control can alleviate this issue.

New/Modified screens: Devices > Device Management > Interfaces > Hardware Configuration > Network Connectivity

Support for hot swapping the network module for the Secure Firewall 3100

7.1.0

7.1.0

You can add or remove the network module on the Secure Firewall 3100 while the firewall is powered up. To replace a module with another module of the same type, you do not need to reboot. After initial bootup, adding a module, permanently removing a module, or replacing a module with a new type requires a reboot.

New/Modified screens:

Devices > Device Management > Chassis Operations

Support for Forward Error Correction for the Secure Firewall 3100

7.1.0

7.1.0

Secure Firewall 3100 25 Gbps interfaces support Forward Error Correction (FEC). FEC is enabled by default and set to Auto.

New/Modified screens: Devices > Device Management > Interfaces > Edit Physical Interface > Hardware Configuration

Support for setting the speed based on the SFP for the Secure Firewall 3100

7.1.0

7.1.0

The Secure Firewall 3100 supports speed detection for interfaces based on the SFP installed. Detect SFP is enabled by default. This option is useful if you later change the network module to a different model, and want the speed to update automatically.

New/Modified screens: Devices > Device Management > Interfaces > Edit Physical Interface > Hardware Configuration

LLDP support for the Firepower 1100.

7.1.0

7.1.0

You can enable Link Layer Discovery Protocol (LLDP) for Firepower 1100 interfaces.

New/Modified screens: Devices > Device Management > Interfaces > Hardware Configuration > LLDP

New/Modified commands: show lldp status, show lldp neighbors, show lldp statistics

Interface auto-negotiation is now set independently from speed and duplex, interface sync improved.

7.1.0

7.1.0

Interface auto-negotiation is now set independently from speed and duplex. Also, when you sync the interfaces in management center, hardware changes are detected more effectively.

New/Modified screens: Devices > Device Management > Interfaces > Hardware Configuration > Speed

Supported platforms: Firepower 1000, 2100, Secure Firewall 3100

Firepower 1100/2100 series fiber interfaces now support disabling auto-negotiation.

6.7.0

6.7.0

You can now configure a Firepower 1100/2100 series fiber interface to disable flow control and link status negotiation.

Previously, when you set the fiber interface speed (1000 or 10000 Mbps) on these devices, flow control and link status negotiation was automatically enabled. You could not disable it.

Now, you can deselect Auto-negotiation and set the speed to 1000 to disable flow control and link status negotiation. You cannot disable negotiation at 10000 Mbps.

New/modified screens: Devices > Device Management > Interfaces > Hardware Configuration > Speed