Security, Internet Access, and Communication Ports

Similar documents
Security, Internet Access, and Communication Ports

Security, Internet Access, and Communication Ports

Security, Internet Access, and Communication Ports

FireSIGHT Virtual Installation Guide

Licensing the Firepower System

Licensing the Firepower System

Connection Logging. About Connection Logging

Licensing the Firepower System

Connection Logging. Introduction to Connection Logging

The Privileged Remote Access Appliance in the Network

The Bomgar Appliance in the Network

Pass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS

Monitoring the Device

Firepower Management Center High Availability

The Privileged Access Appliance in the Network

External Alerting with Alert Responses

System Configuration. The following topics explain how to configure system configuration settings on Firepower Management Centers and managed devices:

Access Control Using Intrusion and File Policies

Implementing Cisco Edge Network Security Solutions ( )

Configuring the Management Access List

Rule Management: Common Characteristics

Logging into the Firepower System

Barracuda Firewall Release Notes 6.6.X

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

This document describes Firepower module s system/ traffic events and various method of sending these events to an external logging server.

Device Management Basics

Licensing the System

File Policies and AMP for Firepower

McAfee Network Security Platform 9.1

SOURCEFIRE 3D SYSTEM RELEASE NOTES

Chapter 1: Content Security

Access Control Using Intrusion and File Policies

Access Control. Access Control Overview. Access Control Rules and the Default Action

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

File Reputation Filtering and File Analysis

Configuration Import and Export

Configuration Import and Export

Enabling AMP on Content Security Products (ESA/WSA) November 2016 Version 2.0. Bill Yazji

Cisco ISE Ports Reference

Host Identity Sources

Identity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication

Features and Functionality

Access Control. Access Control Overview. Access Control Rules and the Default Action

Cisco ISE Ports Reference

Understanding Cisco Cybersecurity Fundamentals

Cisco Firepower NGFW. Anticipate, block, and respond to threats

McAfee Network Security Platform

File Policies and Advanced Malware Protection

The following topics describe how to manage various policies on the Firepower Management Center:

Seceon s Open Threat Management software

Connection and Security Intelligence Events

Use Cases for Firepower Threat Defense

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Implementing Cisco Network Security (IINS) 3.0

Cisco ISE Ports Reference

The following topics provide more information on user identity. Establishing User Identity Through Passive Authentication

Cisco ISE Ports Reference

User Identity Sources

Connect the Appliance to a Cisco Cloud Web Security Proxy

Best Practices: Enabling AMP on Content Security Products (ESA/WSA) March 2017 Version 2.3. Bill Yazji

Cisco Firepower NGFW. Anticipate, block, and respond to threats

McAfee Network Security Platform 8.3

Use Cases for Firepower Threat Defense

Network Communication Requirements for SecureAuth IdP

This document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).

McAfee Network Security Platform 8.3

Network Security Platform 8.1

Device Management Basics

Platform Settings for Classic Devices

Corrigendum 3. Tender Number: 10/ dated

ForeScout Extended Module for Carbon Black

McAfee Network Security Platform Administration Course

Device Management Basics

Realms and Identity Policies

Cisco ASA Next-Generation Firewall Services

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

User Identity Sources

Network Discovery Policies

Network Security Platform 8.1

Initial Configuration Steps of FireSIGHT Systems

Cloud-Managed Security for Distributed Networks with Cisco Meraki MX

Ports and Protocols. Clearswift SECURE Web Gateway v4.x. Issue /04/2017. Clearswift Public

Viewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418

ForeScout CounterACT. Controller Plugin. Configuration Guide. Version 1.0

Compare Security Analytics Solutions

Firewall nové generace na platformě SF, přístupové politiky, analýza souborů, FireAMP a trajektorie útoků

McAfee Network Security Platform 8.1

Security in the Privileged Remote Access Appliance

Snort: The World s Most Widely Deployed IPS Technology

McAfee Network Security Platform 9.1

About This Guide. Document Objectives. Audience

Palo Alto Networks PCNSE7 Exam

Clearswift SECURE Exchange Gateway V4.8


Access Control Rules: Realms and Users

Fundamentals of Network Security v1.1 Scope and Sequence

FIPS Management. FIPS Management Overview. Configuration Changes in FIPS Mode

Reviewer s guide. PureMessage for Windows/Exchange Product tour

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3

Transcription:

Security, Internet Access, and Communication Ports The following topics provide information on system security, internet access, and communication ports: About Security, Internet Access, and Communication Ports, page 1 Internet Access Requirements, page 1 Communication Ports Requirements, page 3 About Security, Internet Access, and Communication Ports To safeguard thefirepower, you should install it on a protected internal network. Although the Firepower is configured to have only the necessary services and ports available, you must make sure that attacks cannot reach it (or any managed devices) from outside the firewall. If the Firepower and its managed devices reside on the same network, you can connect the management interfaces on the devices to the same protected internal network as the Firepower Management Center. This allows you to securely control the devices from the Firepower. You can also configure multiple management interfaces to allow the Firepower to manage and isolate traffic from devices on other networks. Regardless of how you deploy your appliances, intra-appliance communication is encrypted. However, you must still take steps to ensure that communications between appliances cannot be interrupted, blocked, or tampered with; for example, with a distributed denial of service (DDoS) or man-in-the-middle attack. Also note that specific features require an internet connection. By default, Firepower appliances are configured to directly connect to the internet. Additionally, certain ports must remain open for basic intra-appliance communication, for secure appliance access, and so that specific features can access the local or internet resources they need to operate correctly. Internet Access Requirements By default, system appliances are configured to directly connect to the Internet on ports 443/tcp (HTTPS) and 80/tcp (HTTP), which are open by default on all Firepower System appliances Note that most system appliances support use of a proxy server. Note also that a proxy server cannot be used for whois access. Firepower Configuration Guide, Version 6.0 1

Firepower System Feature Internet Access Requirements Security, Internet Access, and Communication Ports Firepower System Feature Internet Access Requirements The following table describes the Internet access requirements of specific features of the Firepower System. Table 1: Firepower System Feature Internet Access Requirements Feature AMP for Networks Internet access is required to... perform malware cloud lookups. Appliances Cisco Advanced Malware Protection (Cisco AMP) integration receive endpoint-based (AMP for Endpoints) malware events from the Cisco AMP cloud. dynamic analysis: querying dynamic analysis: submitting intrusion rule, VDB, and GeoDB updates local malware analysis and file preclassification signature updates RSS feed dashboard widget Security Intelligence filtering system software updates URL filtering whois query the AMP Threat Grid cloud for threat scores of files previously submitted for dynamic analysis. submit files to the AMP Threat Grid cloud for dynamic analysis. download or schedule the download of a intrusion rule, GeoDB, or VDB update directly to an appliance. download signature updates to the local malware analysis and preclassification engines. download RSS feed data from an external source, including Cisco. download Security Intelligence feed data from an external source, including Cisco-provided intelligence feeds. download or schedule the download of a system update directly to an appliance. download URL category and reputation data for access control, and query for uncategorized URLs. request whois information for an external host. device except NGIPSv 2 Firepower Configuration Guide, Version 6.0

Security, Internet Access, and Communication Ports Communication Ports Requirements Communication Ports Requirements Firepower appliances communicate using a two-way, SSL-encrypted communication channel, which by default uses port 8305/tcp. This port must remain open for basic intra-platform communication. Other open ports allow: Access to the web interface ( Firepower and ). Secure remote connections. Access to local or internet resources required by specific features. Do not close an open port until you understand how this action will affect your deployment. In general, feature-related ports remain closed until you enable or configure the associated feature. Note that the system allows you to change some of its communication ports: You can specify custom ports for LDAP and RADIUS authentication when you configure a connection between the system and the authentication server. You can change the management port (8305/tcp). However, Cisco strongly recommends that you keep the default setting. If you change the management port, you must change it for all appliances in the deployment. You can use port 32137/tcp to communicate with the Cisco AMP cloud. However, Cisco recommends you use the default of port 443. Default Communication Ports for Firepower System Features and Operations The following table lists the open ports required by each appliance type so that you can take full advantage of Firepower System features. Table 2: Default Communication Ports for Firepower System Features and Operations Port Description Direction Is Open on... To... 22/tcp SSH/SSL allow a secure remote connection to the appliance. 25/tcp SMTP send email notices and alerts from the appliance. 53/tcp DNS use DNS. 67/udp DHCP use DHCP. Note that these ports are closed by default. 68/udp 80/tcp HTTP, allow the RSS Feed dashboard widget to connect to a remote web server. Firepower Configuration Guide, Version 6.0 3

Default Communication Ports for Firepower System Features and Operations Security, Internet Access, and Communication Ports Port Description Direction Is Open on... To... update custom and third-party Security Intelligence feeds via HTTP. download URL category and reputation data (port 443 also required). 161/udp SNMP allow access to an appliance s MIBs via SNMP polling. 162/udp SNMP send SNMP alerts to a remote trap server. 389/tcp 636/tcp LDAP except NGIPSv communicate with an LDAP server for external authentication. 389/tcp LDAP obtain metadata for detected LDAP users. 636/tcp 443/tcp HTTPS Inbound except NGIPSv access an appliance s web interface. 443/tcp HTTPS obtain: AMQP AMP cloud, AMP Threat Grid cloud, and Threat Intelligence Communication Preferences software, intrusion rule, VDB, and GeoDB updates URL category and reputation data (port 80 also required) the Intelligence Feed and other secure Security Intelligence feeds endpoint-based (AMP for Endpoints) malware events malware dispositions for files detected in network traffic dynamic analysis information on submitted files, download software updates using the device s local web interface. managed device submit files for dynamic analysis. 514/udp syslog send alerts to a remote syslog server. 623/udp SOL/LOM allow you to perform Lights-Out Management using a Serial Over LAN (SOL) connection. 1500/tcp 2000/tcp database access Inbound allow read-only access to the database by a third-party client. 1812/udp 1813/udp RADIUS except NGIPSv communicate with a RADIUS server for external authentication and accounting. 4 Firepower Configuration Guide, Version 6.0

Security, Internet Access, and Communication Ports Default Communication Ports for Firepower System Features and Operations Port Description Direction Is Open on... To... 3306/tcp User Agent Inbound communicate with User Agents. 8302/tcp estreamer communicate with an estreamer client., 8305/tcp appliance comms. securely communicate between appliances in a deployment. Required. 8307/tcp host input client communicate with a host input client. 32137/tcp AMP cloud and Threat Intelligence Communication Preferences allow upgraded s to communicate with the Cisco AMP cloud. Firepower Configuration Guide, Version 6.0 5

Default Communication Ports for Firepower System Features and Operations Security, Internet Access, and Communication Ports 6 Firepower Configuration Guide, Version 6.0

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback