
Cisco 7010 - Detection Mode

Firepower 7000 and 8000 Series Installation Guide
Chapter 5 Setting Up Firepower Managed Devices
Initial Setup Page: Firepower Devices
Detection Mode
The detection mode you choose for a device determines how the system initially configures the device’s
interfaces, and whether those interfaces belong to an inline set or security zone.
The detection mode is not a setting you can change later; it is simply an option you choose during setup
that helps the system tailor the device’s initial configurations. In general, you should choose a detection
mode based on how your device is deployed:
Passive
Choose this mode if your device is deployed passively, as an intrusion detection system (IDS). In a
passive deployment, you can perform file and malware detection, Security Intelligence monitoring,
and network discovery.
Inline
Choose this mode if your device is deployed inline, as an intrusion prevention system. An intrusion
prevention system usually fails open and allows non-matching traffic.
In an inline deployment, you can also use AMP for Networks, file control, Security Intelligence
filtering, and network discovery.
Although you can select the inline mode for any device, keep in mind that inline sets using the
following interfaces lack bypass capability:
non-bypass NetMods on 8000 Series devices
SFP transceivers on 71xx Family devices
Note: Reimaging resets devices in inline deployments to a non-bypass configuration; this disrupts traffic on
your network until you reconfigure bypass mode. For more information, see Traffic Flow During the
Restore Process, page 8-1.
Access Control
Choose this mode if your device is deployed inline as part of an access control deployment, that is,
if you want to perform application, user, and URL control. A device configured to perform access
control usually fails closed and blocks non-matching traffic. Rules explicitly specify the traffic to
pass.
You should also choose this mode if you want to take advantage of your device’s specific
hardware-based capabilities, which include (depending on model): high availability, strict TCP
enforcement, fast-path rules, switching, routing, DHCP, NAT, and VPN.
In an access control deployment, you can also use AMP for Networks, file control, Security
Intelligence filtering, and network discovery.
Network Discovery
Choose this mode if your device is deployed passively, to perform host, application, and user
discovery only.
The following table lists the interfaces, inline sets, and zones that the system creates depending on the
detection mode you choose.
