Enterprise Network Firewall

Compliance matrix. Columns: S.N., Specification, Compliance (Yes / No / Partially), Remarks.

1  Industry Certifications and Evaluations

1.1  The firewall solution offered by the OEM must be present in the latest Magic Quadrant for Enterprise Network Firewall published by Gartner.
     Compliance: Yes
     Remarks: https://www.gartner.com/doc/reprints?id=1-3QXPT7L&ct=170117&st=sb&mkt_tok=eyJpIjoiWVdNd1pEVmtPVFEzTjJWayIsInQiOiJmcXNFbnZoQnBPQUo4b1N3Mis5RDhqbXE0U0oyamdkOHdBRnBncDYyYm9Gdld3MmYwZlVxZG9SNERNWVB5OEdONUxoaXlDMCtqamQ5YTQ0WUNBSDFROVFJRkpXMkdKQzdjaEFCR2x6R2tPRUR4XC9UNTg5ZU9mUTQ5M2hqZ1lEdWkifQ%3D%3D

2  Hardware Architecture

2.1  The appliance-based security platform should be capable of providing firewall, application visibility and IPS functionality in a single appliance.
     Compliance: Yes
     Remarks: Firepower with FTD supports Application Visibility and Control: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf. IPS is available as an engine and can be activated per Access Control Policy rule, with a different IPS policy set per rule if required: http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Access_Control_Using_Intrusion_and_File_Policies.html

2.2  The appliance should have at least 4 x 1G ports and 4 x 10G ports from day one.
     Compliance: Yes
     Remarks: The Firepower 4100 series supports a minimum of 8 and a maximum of 24 x 10 Gigabit Ethernet (SFP+) interfaces: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf and http://www.cisco.com/c/en/us/td/docs/security/firepower/4100/hw/guide/b_install_guide_4100/b_install_guide_4100_chapter_01.html

2.3  The appliance hardware should be a multicore CPU architecture with a hardened 64-bit operating system to support higher memory.
     Compliance: Yes

3  Performance & Scalability

3.1  Should support at least 5 Gbps of NGFW real-world performance (FW, Application Visibility and IPS) and should be scalable to 7 Gbps in future without any hardware upgrade.
     Compliance: Yes
     Remarks: The system supports 12 Gbps of FW + Application Visibility and Control throughput. This does not include potential "Fastpath" configurations. See the datasheet for details on performance: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

3.2  The NG firewall should support at least 8,000,000 concurrent sessions.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 supports up to 9 million concurrent connections and 68,000 new connections per second (datasheet, table 2): http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

3.3  The NG firewall should support at least 60,000 connections per second with application visibility.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 supports up to 9 million concurrent connections and 68,000 new connections per second (datasheet, table 2): http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

3.4  The NG firewall should support at least 1000 VLANs.
     Compliance: Yes
     Remarks: Cisco Firepower supports a maximum of 1024 VLANs (datasheet, table 2): http://www.cisco.com/c/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.html

4  High-Availability Features

4.1  Firewall should support Active/Standby or Active/Active failover.
     Compliance: Yes
     Remarks: On the Firepower 4100 platform with an FTD logical device, Active/Standby is currently the only supported redundancy mode; forthcoming releases will add clustering and Active/Active modes. On the Firepower 9300, in-chassis clustering can be used to implement Active/Active redundancy; alternatively, Active/Standby can be used between security modules in the same or in different chassis. http://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v601_chapter_01100110.html

4.2  Firewall should support EtherChannel functionality for the failover control and data interfaces to provide an additional level of redundancy.
     Compliance: Yes
     Remarks: Cisco Firepower supports the use of any unused data interface (physical, redundant, or EtherChannel) as the failover link. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.html

4.3  Firewall should support redundant interfaces to provide interface-level redundancy before device failover.
     Compliance: Yes
     Remarks: Cisco Firepower supports failover of links. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.html#ID-2107-0000003f

4.4  Firewall should support 802.3ad EtherChannel functionality to increase the bandwidth for a segment.
     Compliance: Yes
     Remarks: Firepower Threat Defense supports 802.3ad link aggregation.

4.5  Firewall should have integrated redundant power supplies.
     Compliance: Yes
     Remarks: The solution supports redundancy and high-resilience features such as redundant power supplies and fans; the Firepower 4100 supports two power supplies and six fans. See table 4, Cisco Firepower 4100 Series Hardware Specifications: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

4.6  Firewall should have redundant hot-swappable fans.
     Compliance: Yes
     Remarks: The fan and power modules are hot-swappable on the Firepower 4140: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

5  Firewall Features

5.1  The solution must be capable of passively gathering information about network hosts and their activities, such as operating system, services, open ports, client applications and vulnerabilities, to assist with multiple activities such as intrusion event data correlation, elimination of false positives and policy compliance.
     Compliance: Yes
     Remarks: Cisco Firepower supports host profiling. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/using_host_profiles.html

5.2  Firewall should support creating access rules with IPv4 and IPv6 objects simultaneously.
     Compliance: Yes
     Remarks: Cisco Firepower supports both IPv4 and IPv6. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/introduction_to_the_cisco_firepower_system.html

5.3  Firewall should support operating in routed and transparent mode.
     Compliance: Yes
     Remarks: Cisco Firepower supports both routed and transparent mode. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/interfaces_for_firepower_threat_defense.html#concept_A07802A0D6474161980C440DEB68B6BD

5.4  Should support static routing, RIP, OSPF, OSPFv3, BGP and BGPv6.
     Compliance: Yes
     Remarks: Routing on Firepower Threat Defense supports the following protocols: EIGRP, OSPF (v2 and v3), RIPv2 and BGP. Please read more in the configuration guide.

5.5  Firewall should support manual NAT and auto NAT, static NAT, dynamic NAT and dynamic PAT.
     Compliance: Yes
     Remarks: Cisco Firepower supports NAT. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/nat_for_firepower_threat_defense.html#ID-2090-0000002e

5.6  Firewall should support NAT66 (IPv6-to-IPv6), NAT64 (IPv6-to-IPv4) and NAT46 (IPv4-to-IPv6) functionality.
     Compliance: Yes
     Remarks: Cisco Firepower supports NAT66, NAT64 and NAT46. See NAT support in the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/nat_for_firepower_threat_defense.html#ID-2090-000000cb

5.7  Firewall should support multicast protocols such as IGMP and PIM.
     Compliance: Yes
     Remarks: Cisco Firepower supports both the IGMP and PIM multicast routing protocols. See the configuration guide: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/multicast_routing_for_firepower_threat_defense.html

5.8  Should support security policies based on security group tag (SGT) in the source field, the destination field or both.
     Compliance: Yes
     Remarks: The proposed solution supports policy-based routing based on source or destination network, source or destination address, source or destination port, protocol, packet size and packet classification, among several others (About Policy Based Routing): http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/route-policy-based.html

5.9  Should support the capability to receive contextual user information such as username, IP address, authentication status, location and device information from third-party vendors.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW can receive contextual information from third-party vendors via pxGrid. Cisco pxGrid (Platform Exchange Grid) is an open, scalable and IETF standards-driven data-sharing and threat control platform that allows multiple security products to work together. IT and security vendors can use pxGrid to share context with Cisco platforms that use pxGrid, as well as with systems from any other pxGrid ecosystem partner. More on Cisco pxGrid: https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-728420.pdf and http://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/white-paper-c11-735489.html

5.10 Should support the capability to limit bandwidth on the basis of apps/groups, networks/geo, ports, etc.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports limiting bandwidth on the basis of applications, networks, users, groups, etc. See the item "Rate Limiting" in table 5: http://www.cisco.com/c/en/us/td/docs/security/firepower/610/6101/relnotes/Firepower_System_Release_Notes_Version_6101.html

5.11 Should be capable of dynamically tuning IDS/IPS sensors (e.g., selecting rules, configuring policies, updating policies, etc.) with minimal human intervention.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is capable of dynamically tuning IDS/IPS sensors (selecting rules, configuring policies, updating policies, etc.) with minimal human intervention. See chapter 72, "Tuning Intrusion Policies Using Rules", page 1341: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.12 Should be capable of automatically providing the appropriate inspections and protections for traffic sent over non-standard communications ports.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is capable of providing the appropriate inspections and protections for traffic sent over non-standard communications ports. The 4110 NGFW uses an IPS engine based on Snort rules, and many Snort IPS rules/signatures detect attacks that use non-standard ports: https://www.snort.org/search?query=non+standard+port&submit_search=

5.13 Should be able to link Active Directory and/or LDAP usernames to IP addresses related to suspected security events.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is able to link Active Directory and LDAP usernames to IP addresses. To obtain user identity data, identity sources monitor users as they log in and out, or as they authenticate using Microsoft Active Directory (AD) or LDAP credentials. See page 315: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.14 Should be capable of detecting and blocking IPv6 attacks.
     Compliance: Yes
     Remarks: Inspection of IPv6 traffic to detect and block IPv6 attacks is supported, including traffic using the 4in6, 6in4, 6to4 and 6in6 tunneling schemes: http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Access_Control_Rules.html

5.15 The solution should support full-featured NBA capability to detect threats emerging from inside the network, including the ability to establish "normal" traffic baselines through flow analysis techniques (e.g., NetFlow) and to detect deviations from those baselines.
     Compliance: No
     Remarks: Cisco Firepower 4110 NGFW is a perimeter firewall that protects the network by analyzing the traffic passing through it. It is not a NetFlow analysis and NBA solution; this function is delivered by the Cisco Stealthwatch solution.

5.16 The solution should support the capability to configure the access policy on the basis of IP address, user ID/group, VLAN, network, objects, device type, location, ports, protocols, etc.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports configuring the access policy on the basis of IP address, user ID/group, VLAN, network, objects, device type, location, ports, protocols, etc. See the section "Access Control", page 1097: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.17 The solution must provide an IP reputation feed comprising several regularly updated collections of IP addresses of poor reputation, determined by the proposed security vendor.
     Compliance: Yes
     Remarks: Using Collective Security Intelligence (CSI) from the Cisco Talos Group, Cisco provides feeds containing IP addresses with poor reputation, specifically the Intelligence Feed. More details are provided under "Security Intelligence Strategies": http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Security_Intelligence_Blacklisting.html

5.18 The solution must support IP reputation intelligence feeds from third parties and custom lists of IP addresses, including a global blacklist.
     Compliance: Partially
     Remarks: Cisco Firepower 4110 NGFW does not support IP reputation intelligence feeds from third parties, but it supports custom lists of IP addresses including a global blacklist. See "Manual URL Filtering", page 311: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.19 Should support URL and DNS threat intelligence feeds to protect against threats.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports URL and DNS threat intelligence feeds. Security Intelligence lists and feeds, collectively called Security Intelligence objects, help you configure Security Intelligence; each list or feed is a collection of IP addresses, URLs or domain names that you want to blacklist (immediately block) or whitelist (allow to pass for further analysis). See page 367: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.20 Should support reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports reputation- and category-based URL filtering; this function is called URL filtering. See table 20, page 118: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.21 The solution must be capable of passively gathering details unique to mobile device traffic to identify a wide variety of mobile operating systems, mobile applications and associated mobile device hardware.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is capable of passively gathering details unique to mobile device traffic to identify a wide variety of mobile operating systems, mobile applications and associated mobile device hardware. Because you can't protect what you can't see, the Cisco Firepower Management Center automatically collects, collates and displays contextual information about everything running in your environment. Table 1 of the FMC datasheet illustrates the breadth of contextual awareness provided into threat vectors that more traditional security technologies do not detect; this insight is available for use in your protection policies: http://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-736775.html

5.22 Should support more than 4000 application-layer and risk-based controls that can invoke tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports more than 4000 application-layer and risk-based controls that can invoke tailored IPS threat detection policies. See table 2: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

5.23 Should support the capability (by purchasing a license) of providing network-based detection of malware by checking the disposition of unknown files in the cloud using the SHA-256 file hash as they transit the network, and the capability to do dynamic analysis on premises (if required in future) on a purpose-built appliance.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW provides network-based detection of malware by checking the disposition of unknown files in the cloud using the SHA-256 file hash as they transit the network, and can perform dynamic analysis on premises (if required in future) on a purpose-built appliance. The function is called AMP protection; the dynamic analysis part is done by ThreatGrid and can be deployed on premises. See the section "Advanced Malware Protection (AMP) and File Control", page 1265: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.24 The NGFW OEM must have its own threat intelligence analysis center and should use the global footprint of security deployments for more comprehensive network protection.
     Compliance: Yes
     Remarks: Cisco has its own threat intelligence analysis center, the Cisco Talos Group, and uses the global footprint of security deployments for more comprehensive network protection: http://www.cisco.com/c/en/us/products/security/talos.html

5.25 The detection engine should support the capability of detecting and preventing a wide variety of threats (e.g., malware, network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, etc.).
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is capable of detecting and preventing a wide variety of threats. See the Firepower Management Center configuration guide, table 122, page 1401: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.26 Should be able to identify attacks based on geo-location and define policy to block on the basis of geo-location.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is able to identify attacks based on geo-location and define policy to block on the basis of geo-location. See page 1792: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.27 The detection engine should support the capability of detecting variants of known threats, as well as new threats.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports detecting variants of known threats as well as new threats. The 4110 NGFW uses the Cisco Talos Group as Collective Security Intelligence (CSI), which monitors global threats and updates the NGFW with the latest database to detect known and new threats: http://www.cisco.com/c/en/us/products/security/talos.html

5.28 The detection engine must incorporate multiple approaches for detecting threats, including at a minimum exploit-based signatures, vulnerability-based rules, protocol anomaly detection and behavioral anomaly detection techniques. Identify and explain each type of detection mechanism supported.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW uses a detection engine that incorporates multiple approaches for detecting threats. The classification is called Indications of Compromise (IOC). The Firepower Management Center that manages the 4110 NGFW uses IOC rules in the network discovery policy to identify a host as likely to be compromised by malicious means, and can tag the host and user involved when the system correlates data gathered about your monitored network and its traffic, using intrusion, connection, Security Intelligence, and file or malware events, and determines that a potential IOC has occurred. See page 1765: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

5.29 Should support open-based Application ID (OpenAppID) for access to community resources and the ability to easily customize security to address new and specific threats and applications quickly.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports open-based Application ID for access to community resources and the ability to customize security to address new and specific threats and applications quickly: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

6  VPN Features

6.1  Firewall should support RFC 6379-based Suite B cryptographic suites/algorithms such as AES-GCM/GMAC (128-, 192- and 256-bit keys), ECDH (groups 19, 20 and 21) and ECDSA (256-, 384- and 521-bit elliptic curves) for enhanced VPN security.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports Suite B cryptographic algorithms such as AES-GCM/GMAC. See the section "Deciding Which Encryption Algorithm to Use", page 742: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

6.2  Firewall should support the latest IKEv2 standards, with SHA-2 256-, 384- and 512-bit message integrity algorithms implemented in hardware so that there is no performance bottleneck and security is higher.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports the IKEv2 standards with SHA-2 256-, 384- and 512-bit message integrity algorithms. See the section "Deciding Which Hash Algorithms to Use", page 743: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

6.3  Should support pre-shared keys and digital certificates for VPN peer authentication.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports pre-shared keys and digital certificates for VPN peer authentication. See the section "Deciding Which Authentication Method to Use", page 744: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-

6.4  Should support perfect forward secrecy and dead peer detection functionality.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports perfect forward secrecy; IKE keepalives can also be enabled. See the section "Firepower Threat Defense VPN IPsec Options", page 757: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-

6.5  Should support NAT-T for IPsec VPN.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 supports NAT-T for IPsec VPN. See the section "NAT and Site-to-Site VPN", page 999: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

7  Regulatory Compliance

7.1  Firewall shall conform to the UL 60950, IEC 60950, CSA 60950 or EN 60950 standard for safety requirements of information technology equipment.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW conforms to the UL 60950-1 standard for safety requirements of information technology equipment. See table 6: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

7.2  Firewall shall conform to the EN 55022 Class A/B, CISPR 22 Class A/B, CE Class A/B or FCC Class A/B standard for EMC (electromagnetic compatibility) requirements.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW conforms to the EN 55022 Class A standard for EMC (electromagnetic compatibility) requirements. See table 6: http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

8  Evaluation Compliance

8.1  The firewall or the firewall's operating system should be tested and certified at EAL 4/NDPP or above under Common Criteria certification, or hold FIPS Level 2 certification.
     Compliance: No
     Remarks: Cisco Firepower 4110 NGFW has not yet been tested and certified for EAL 4/NDPP. The roadmap is to have the certification in March/April 2017.

8.2  The firewall or the firewall's operating system should be USGv6/IPv6 certified or IPv6 Ready logo certified.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is USGv6 certified: https://www.iol.unh.edu/registry/usgv6

9  Management

9.1  The management platform must be accessible via a web-based interface, ideally with no need for additional client software.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW is managed via Firepower Management Center (FMC), which is accessible via a web-based interface with no need for additional client software. See the section "Getting Started With the Firepower System", page 1: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.2  The management platform must provide a highly customizable dashboard.
     Compliance: Yes
     Remarks: FMC provides the visibility you need through customizable dashboards with custom and template-based reports: http://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-736775.html

9.3  The management platform must be capable of integrating third-party vulnerability information into threat policy adjustment routines and automated tuning workflows.
     Compliance: Yes
     Remarks: Firepower can receive vulnerability reports from Qualys; there is a guide on using the Firepower Qualys Connector: http://www.cisco.com/c/dam/en/us/td/docs/security/firesight/qualys/FireSIGHT-System-Qualys-Connector-Guide-v1-0-1.pdf. FMC can also receive vulnerability information from third-party vendors via pxGrid (see 5.9): https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-728420.pdf and http://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/white-paper-c11-735489.html

9.4  The management platform must be capable of role-based administration, enabling different sets of views and configuration capabilities for different administrators subsequent to their authentication.
     Compliance: Yes
     Remarks: FMC offers role-based administration, enabling different sets of views and configuration capabilities for different administrators after they authenticate. See "User Roles", page 43: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.5  Should support a REST API for monitoring and configuration programmability.
     Compliance: Yes
     Remarks: FMC supports a REST API for monitoring and configuration programmability. See "REST API Preferences", page 826: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.6  Should support troubleshooting techniques such as ping, traceroute, etc.
     Compliance: Yes
     Remarks: Cisco Firepower 4110 NGFW supports troubleshooting techniques such as ping and traceroute. Selected Firepower Threat Defense command-line interface (CLI) commands can be executed from the FMC web interface: ping, packet-tracer, traceroute and show (except the show subcommands history and banner). See page 262: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.7  The management platform must provide multiple report output types or formats, such as PDF, HTML and CSV.
     Compliance: Yes
     Remarks: FMC provides multiple report output formats; a report is a document file formatted as PDF, HTML or CSV with the content you want to communicate. See page 1888: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.8  The management platform must support multiple mechanisms for issuing alerts (e.g., SNMP, e-mail, syslog).
     Compliance: Yes
     Remarks: FMC supports multiple mechanisms for issuing alerts (SNMP, e-mail, syslog). See the chapter "External Alerting with Alert Responses", page 1917: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.9  The management platform must provide robust reporting capabilities, including a selection of pre-defined reports and the ability for complete customization and generation of new reports.
     Compliance: Yes
     Remarks: FMC provides robust reporting capabilities, including a selection of pre-defined reports and the ability to fully customize and generate new reports. See the part "Reporting and Alerting", page 1885: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.10 The management platform should support risk reports such as advanced malware, attacks and network.
     Compliance: Yes
     Remarks: FMC supports risk reports such as advanced malware, attacks and network. Risk reports are portable, high-level, easy-to-interpret summaries of risks found in your organization. See the section "Risk Reports", page 1887: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf

9.11 The management platform must include an integration mechanism, preferably in the form of open APIs and/or standard interfaces, to enable events and log data to be shared with external network and security management applications, such as Security Information and Event Managers (SIEMs) and log management tools.
     Compliance: Yes
     Remarks: FMC uses several mechanisms to share data with external network and security management applications, namely the REST API and pxGrid (see 5.9 for pxGrid: https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-728420.pdf and http://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/white-paper-c11-735489.html). For the REST API see "REST API Preferences", page 826: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62.pdf
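Worked example for the NAT64/NAT46 requirement (item 5.6). This is an added illustration, not code from the tender response or from Cisco: it implements the RFC 6052 address mapping that a NAT64 or NAT46 translator applies, so that a reviewer can see which IPv6 address an IPv6-only client uses to reach an IPv4 server, how the IPv4 address is recovered on the return path, and what the translator must refuse. The prefixes 64:ff9b::/96 (the Well-Known Prefix) and 2001:db8::/32 are standard values from the RFC and the documentation range; nothing here depends on the Firepower configuration.

```python
"""RFC 6052 address mapping behind NAT64 / NAT46.

Added example, not code from the tender or from Cisco. It shows how the
translator forms the IPv6 address an IPv6-only client uses to reach an
IPv4 server (NAT64), and how it recovers the IPv4 address on the way back
(the same embedding serves NAT46). Standard library only.
"""
import ipaddress

# Well-Known Prefix (RFC 6052 section 2.1). A Network-Specific Prefix such
# as 2001:db8::/32 (documentation range) is handled the same way.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _ipv4_byte_positions(prefix_len):
    """Byte offsets inside the 16-byte IPv6 address that carry the IPv4 bits.

    Byte 8 (bits 64-71, the 'u' octet) is reserved and must stay zero, so
    the four IPv4 bytes skip over it (RFC 6052 section 2.2, figure 1).
    """
    if prefix_len not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError(f"unsupported NAT64 prefix length /{prefix_len}")
    positions = []
    pos = prefix_len // 8
    while len(positions) < 4:
        if pos == 8:
            pos += 1
        positions.append(pos)
        pos += 1
    return positions


def nat64_synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Embed an IPv4 address into the NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)   # strict: rejects host bits set in the prefix
    out = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4).packed
    for pos, byte in zip(_ipv4_byte_positions(net.prefixlen), v4):
        out[pos] = byte
    return ipaddress.IPv6Address(bytes(out))


def nat64_extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Recover the IPv4 address from a synthesized IPv6 address.

    A translator must not guess on malformed input: addresses outside the
    prefix and addresses with a non-zero 'u' octet are rejected.
    """
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside NAT64 prefix {net}")
    raw = addr.packed
    if net.prefixlen < 96 and raw[8] != 0:
        raise ValueError(f"{addr}: reserved octet u must be zero")
    return ipaddress.IPv4Address(bytes(raw[pos] for pos in _ipv4_byte_positions(net.prefixlen)))


def is_synthesized(ipv6, prefix=WELL_KNOWN_PREFIX):
    """True when ipv6 is a well-formed IPv4-embedded address inside prefix."""
    try:
        nat64_extract(ipv6, prefix)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for pfx in (WELL_KNOWN_PREFIX, "2001:db8::/32", "2001:db8:100::/40"):
        v6 = nat64_synthesize("192.0.2.33", pfx)
        print(f"{pfx:>20}  {v6}  ->  {nat64_extract(v6, pfx)}")
```

With the Well-Known Prefix, 192.0.2.33 becomes 64:ff9b::c000:221; with a shorter Network-Specific Prefix the IPv4 bytes straddle the reserved octet, which is why the extractor checks that octet before trusting the address. Keeping the mapping unambiguous in both directions is what lets the firewall apply the same access policy to the translated flow as to a native one.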
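Worked example for the Indications of Compromise correlation described under item 5.28 and the syslog export to a SIEM under items 9.8 and 9.11. This is an added illustration, not code from the tender response or from Cisco: it parses constructed FTD-style syslog lines and applies two host-tagging rules plus a time-window rule that escalates a host to a high-confidence IOC, which is the kind of cross-event correlation a SIEM performs on what the NGFW sends it. The line shape (message ID, then comma-separated "Key: Value" pairs) follows the FTD unified syslog; the message IDs 430001, 430003 and 430005, the field names and the values are assumptions to verify against the deployed release, and every address and hash is a documentation or placeholder value.

```python
"""Correlating FTD syslog into an indication of compromise (IOC).

Added example, not code from the tender or from Cisco. An intrusion event
against a host that the passive profile marks vulnerable, followed by a
malware-disposition file event on the same host inside a time window, is
escalated to a high-confidence IOC.

The sample lines are constructed. Their shape follows the FTD unified
syslog; message IDs, field names and values are assumptions to check
against the release in use. Addresses are documentation ranges and the
SHA-256 is the hash of the empty string (a placeholder).
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_SYSLOG = """\
<166>Mar 14 10:01:07 ftd-4110 %FTD-6-430001: EventPriority: High, SrcIP: 203.0.113.9, DstIP: 10.10.5.21, SrcPort: 41022, DstPort: 445, Protocol: tcp, GID: 1, SID: 1000001, Classification: Attempted Administrator Privilege Gain, Message: "LOCAL SMB exploit attempt, constructed rule", ImpactFlag: Vulnerable
<166>Mar 14 10:02:30 ftd-4110 %FTD-6-430001: EventPriority: Low, SrcIP: 203.0.113.9, DstIP: 10.10.5.44, SrcPort: 41023, DstPort: 445, Protocol: tcp, GID: 1, SID: 1000001, Classification: Attempted Administrator Privilege Gain, Message: "LOCAL SMB exploit attempt, constructed rule", ImpactFlag: Not Vulnerable
<166>Mar 14 10:03:52 ftd-4110 %FTD-6-430005: EventPriority: High, SrcIP: 10.10.5.21, DstIP: 198.51.100.77, SrcPort: 51234, DstPort: 80, Protocol: tcp, FileName: update.exe, SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, SHA_Disposition: Malware, FileAction: Malware Block
<166>Mar 14 10:05:10 ftd-4110 %FTD-6-430003: EventPriority: Low, SrcIP: 10.10.5.44, DstIP: 198.51.100.10, SrcPort: 50211, DstPort: 443, Protocol: tcp, AccessControlRuleName: Outbound-Web, AccessControlRuleAction: Allow
"""

LINE_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%FTD-\d-(?P<msgid>\d{6}): (?P<body>.*)$"
)
# One 'Key: Value' pair; quoted values may contain commas (the Message field).
PAIR_RE = re.compile(r'(\w+): ("[^"]*"|[^,]*)')
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

EXPLOIT = "exploit attempt against vulnerable host"
MALWARE = "malware file transfer"


def parse_event(line, year):
    """One syslog line -> dict of fields, or None if it is not an FTD event.
    BSD syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in PAIR_RE.findall(m["body"])}
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "sensor": m["host"], "msgid": m["msgid"], **fields}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


class IocCorrelator:
    """Per-host tags plus a time-window rule that combines them."""

    def __init__(self, window=timedelta(minutes=30)):
        self.window = window
        self.tags = defaultdict(list)     # host -> [(timestamp, tag)]

    def feed(self, event):
        if event is None:
            return
        if event["msgid"] == "430001" and event.get("ImpactFlag") == "Vulnerable":
            # Intrusion event whose target the host profile marks vulnerable.
            self.tags[event["DstIP"]].append((event["ts"], EXPLOIT))
        elif event["msgid"] == "430005" and event.get("SHA_Disposition") == "Malware":
            # Malware-disposition file event: attribute it to the internal endpoint,
            # whichever side of the flow it sits on.
            for host in (event.get("SrcIP"), event.get("DstIP")):
                if host and is_internal(host):
                    self.tags[host].append((event["ts"], MALWARE))

    def compromised_hosts(self):
        """Hosts with an exploit attempt and a malware transfer inside the window."""
        found = {}
        for host, tagged in self.tags.items():
            exploits = [t for t, tag in tagged if tag == EXPLOIT]
            malware = [t for t, tag in tagged if tag == MALWARE]
            if any(abs(m - e) <= self.window for e in exploits for m in malware):
                found[host] = sorted({tag for _, tag in tagged})
        return found


def correlate(syslog_text, year=2017):
    corr = IocCorrelator()
    for line in syslog_text.splitlines():
        corr.feed(parse_event(line, year))
    return corr


if __name__ == "__main__":
    for host, tags in correlate(SAMPLE_SYSLOG).compromised_hosts().items():
        print(host, "->", "; ".join(tags))
```

On the sample, 10.10.5.21 is escalated (exploit attempt at 10:01:07, malware block at 10:03:52) while 10.10.5.44 is not, because its intrusion event was rated Not Vulnerable and its only other event is an allowed connection. Feeding the same rules with the host profile and user identity the FMC already holds (items 5.1 and 5.13) is what turns a pile of alerts into a ranked list of hosts to examine.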
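Worked example for the REST API requirement (item 9.5) and the integration requirement (item 9.11). This is an added illustration, not code from the tender response or from Cisco: a small client that obtains a session token from the Firepower Management Center and pages through the network-object collection, which is the pattern any monitoring or SIEM integration built on the API follows. The endpoint paths and response headers are those of the FMC 6.x REST API; the host name fmc.example.net, the account api-reader, the CA bundle path and the canned responses used to exercise the client are placeholders.

```python
"""Minimal Firepower Management Center (FMC) REST API client.

Added example, not code from the tender or from Cisco. The endpoint paths
and response headers are the ones the FMC 6.x REST API documents; the FMC
host name, the API account and the CA bundle path are placeholders. The
API must first be enabled on the FMC (System > Configuration > REST API
Preferences).
"""
import base64
import json
import ssl
import urllib.request

TOKEN_PATH = "/api/fmc_platform/v1/auth/generatetoken"
NETWORK_OBJECTS_PATH = "/api/fmc_config/v1/domain/{domain}/object/networks"


def https_transport(ca_bundle):
    """Real transport: verify the FMC certificate against ca_bundle. Do not
    turn verification off to cope with a self-signed FMC certificate; the
    token returned in the headers is a bearer credential for the management
    plane, so import the FMC CA instead."""
    ctx = ssl.create_default_context(cafile=ca_bundle)

    def send(method, url, headers, body=None):
        req = urllib.request.Request(url, data=body, method=method, headers=headers)
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, dict(resp.headers), resp.read()

    return send


def parse_token_headers(headers):
    """Session token and global domain UUID from the generatetoken response.
    Header names are case-insensitive, so normalise before looking them up."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        return lowered["x-auth-access-token"], lowered["domain_uuid"]
    except KeyError as missing:
        raise RuntimeError(f"generatetoken response lacks header {missing}") from None


def next_page_url(page):
    """FMC pagination: 'paging.next' carries the URL of the following page
    (normally a one-element list; a plain string is tolerated too).
    None once the last page has been read."""
    nxt = page.get("paging", {}).get("next")
    if isinstance(nxt, list):
        return nxt[0] if nxt else None
    return nxt or None


class FmcClient:
    """transport(method, url, headers, body) -> (status, headers, body);
    injected so the client can be exercised without a live FMC."""

    def __init__(self, host, username, password, transport):
        self.base = f"https://{host}"
        creds = base64.b64encode(f"{username}:{password}".encode()).decode()
        self.basic = f"Basic {creds}"
        self.transport = transport
        self.token = None
        self.domain = None

    def login(self):
        # Credentials cross the wire once; everything after uses the token,
        # which the FMC expires after 30 minutes.
        status, headers, _ = self.transport("POST", self.base + TOKEN_PATH,
                                            {"Authorization": self.basic})
        if status != 204:
            raise RuntimeError(f"token request failed: HTTP {status}")
        self.token, self.domain = parse_token_headers(headers)
        return self.domain

    def get_json(self, url):
        status, _, body = self.transport("GET", url,
                                         {"X-auth-access-token": self.token,
                                          "Accept": "application/json"})
        if status != 200:
            raise RuntimeError(f"GET {url} failed: HTTP {status}")
        return json.loads(body)

    def list_network_objects(self, page_size=25):
        """Walk every page of the network-object collection."""
        url = (self.base + NETWORK_OBJECTS_PATH.format(domain=self.domain)
               + f"?offset=0&limit={page_size}&expanded=true")
        items = []
        while url:
            page = self.get_json(url)
            items.extend(page.get("items", []))
            url = next_page_url(page)
        return items


if __name__ == "__main__":
    # Placeholders: replace host, account and CA bundle with your own.
    fmc = FmcClient("fmc.example.net", "api-reader", "CHANGE-ME",
                    https_transport("/etc/ssl/certs/fmc-ca.pem"))
    print("domain", fmc.login())
    for obj in fmc.list_network_objects():
        print(obj.get("name"), obj.get("value"))
```

Run integrations like this under a dedicated API account holding the least-privileged role the task needs (item 9.4 confirms role-based administration is available), pin the FMC CA rather than disabling certificate checks, and keep X-auth-access-token out of logs: it grants the same access as the password that produced it until it expires.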