August 23, 2024
| Feature | Minimum Threat Defense | Details |
|---|---|---|
| Platform | | |
| Threat defense Version 7.6.0 support. | 7.6.0 | You can now manage threat defense devices running Version 7.6.0. |
| High Availability/Scalability | | |
| Multi-instance mode for the Secure Firewall 3100. | 7.4.1 | You can deploy the Secure Firewall 3100 as a single device (appliance mode) or as multiple container instances (multi-instance mode). In multi-instance mode, you deploy multiple container instances on a single chassis, and each instance acts as a completely independent device. Note that in multi-instance mode, you upgrade the operating system and the firmware (chassis upgrade) separately from the container instances (Firewall Threat Defense upgrade). New/modified screens: New/modified Firewall Threat Defense CLI commands: `configure multi-instance network ipv4`, `configure multi-instance network ipv6`. New/modified FXOS CLI commands: `create device-manager`, `set deploymode`. Platform restrictions: Not supported on the Secure Firewall 3105. See: Use Multi-Instance Mode for the Secure Firewall 3100/4200 and Cisco Secure Firewall Threat Defense Upgrade Guide for Cloud-Delivered Firewall Management Center. |
| Access Control: Threat Detection and Application Identification | | |
| Easily bypass decryption for sensitive and undecryptable traffic. | Any | It is now easier to bypass decryption for sensitive and undecryptable traffic, which protects users and improves performance. New decryption policies include predefined rules that, if enabled, automatically bypass decryption for sensitive URL categories (such as finance or medical), undecryptable distinguished names, and undecryptable applications. Distinguished names and applications are typically undecryptable because they use TLS/SSL certificate pinning, which cannot be decrypted. For outbound decryption, you enable or disable these rules as part of creating the policy. For inbound decryption, the rules are disabled by default. After the policy is created, you can edit, reorder, or delete the rules entirely. New/modified screens: See: Decryption Policies. |
| Access Control: Identity | | |
| Microsoft Azure AD as a user identity source. | 7.4.2 | You can use a Microsoft Azure Active Directory (Azure AD) realm with ISE to authenticate users and obtain user sessions for user control. New/modified screens: Supported ISE versions: 3.0 patch 5+, 3.1 (any patch level), 3.2 (any patch level). See: Realms. |
| Health Monitoring | | |
| Collect health data without alerting. | Any | You can now disable health alerts, or individual health alert sub-types, for the ASP Drop, CPU, and Memory health modules while continuing to collect health data. This lets you minimize health alert noise and focus on the most critical issues. New/modified screens: In any health policy (System ( See: Health. |
| Apply a default health policy upon device registration. | Any | You can now choose a default health policy to apply upon device registration. On the health policy page, the policy name indicates which policy is the default. If you want to use a different policy for a specific device after registration, change it there. You cannot delete the default device health policy. New/modified screens: System ( See: Health. |
| Chassis-level health alerts for the Firepower 4100/9300. | 7.4.1 | You can now view chassis-level health alerts for the Firepower 4100/9300 by registering the chassis to the Firewall Management Center as a read-only device. You must also enable the Firewall Threat Defense Platform Faults health module and apply the health policy. The alerts appear in the Message Center, in the health monitor (in the left pane, under Devices, select the chassis), and in the health events view. You can also add (and view health alerts for) a Secure Firewall 3100 chassis in multi-instance mode. For those devices, you use the Firewall Management Center to manage the chassis; for the Firepower 4100/9300 chassis, you must still use the chassis manager or the FXOS CLI. New/modified screens: See: Onboard Threat Defense to the Cloud-delivered Firewall Management Center. |
| Administration | | |
| Threat defense high availability automatically resumes after restoring from backup. | 7.6.0 | When replacing a failed unit in a high availability pair, you no longer have to manually resume high availability after the restore completes and the device reboots. You should still confirm that high availability has resumed before you deploy. Version restrictions: Not supported with Version 7.0–7.0.7, 7.1.x, 7.2.0–7.2.9, 7.3.x, 7.4.0–7.4.2. |
| Change management ticket takeover; more features in the approval workflow. | Any | You can now take over another user's ticket. This is useful if a ticket is blocking other updates to a policy and the user is unavailable. These features are now included in the approval workflow: decryption policies, DNS policies, file and malware policies, network discovery, certificates and certificate groups, cipher suite lists, Distinguished Name objects, and Sinkhole objects. See: Change Management. |
| Troubleshooting | | |
| Troubleshoot Snort 3 performance issues with a CPU and rule profiler. | 7.6.0 with Snort 3 | New CPU and rule profilers help you troubleshoot Snort 3 performance issues. You can now monitor: New/modified screens: Platform restrictions: Not supported for container instances. See: Troubleshooting. |
| Deprecated Features | | |
| End of support: analytics-only capabilities with the full range of threat defense devices. | Any | You can co-manage a cloud-managed device with a Version 7.2+ on-prem Firewall Management Center for event logging and analytics purposes only. Because the Cloud-Delivered Firewall Management Center supports a wider range of managed device versions than on-prem management centers do, you may find that some devices are "too old" or "too new" to co-manage. See: Cisco Secure Firewall Management Center Compatibility Guide. |