
Cisco Firepower 2100 User Manual

Cisco Firepower 2100
232 pages
SSH supports the following ciphers and key exchange:
Encryption—aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
Integrity—hmac-sha2-256
Key exchange—dh-group14-sha256
Note: After you make three consecutive failed attempts to log into the CLI using SSH, the device terminates the
SSH connection.
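The algorithm list above decides which SSH clients can complete a handshake with the device. The following is an added example, not part of the Cisco guide, that applies the RFC 4253 first-match negotiation rule to OpenSSH client output in the format printed by ssh -G. It assumes the guide's dh-group14-sha256 corresponds to the wire name diffie-hellman-group14-sha256; both sample client outputs are constructed.

```python
# Added example (not from the Cisco guide): check an OpenSSH client's algorithm
# lists against the SSH algorithms this page lists for the device.

# Device side, from the page. Assumption: "dh-group14-sha256" in the guide is
# the RFC 8268 wire name "diffie-hellman-group14-sha256".
DEVICE = {
    "ciphers": ["aes128-cbc", "aes192-cbc", "aes256-cbc",
                "aes128-ctr", "aes192-ctr", "aes256-ctr"],
    "macs": ["hmac-sha2-256"],
    "kexalgorithms": ["diffie-hellman-group14-sha256"],
}

def parse_ssh_g(text):
    """Extract the algorithm lists from `ssh -G <host>` style output."""
    client = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() in DEVICE:
            client[key.lower()] = [a for a in value.strip().split(",") if a]
    return client

def negotiate(client):
    """RFC 4253 section 7.1: the first name on the client's list that the
    server also supports is chosen; None means no overlap (handshake fails)."""
    return {cat: next((a for a in client.get(cat, []) if a in server_algs), None)
            for cat, server_algs in DEVICE.items()}

def report(ssh_g_output):
    """Return (negotiated algorithms, categories with no common algorithm)."""
    chosen = negotiate(parse_ssh_g(ssh_g_output))
    return chosen, sorted(cat for cat, alg in chosen.items() if alg is None)

# Constructed sample inputs (not captured from a real client).
MODERN_ONLY = """\
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256
"""
COMPATIBLE = """\
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256
"""

if __name__ == "__main__":
    for name, sample in (("modern-only", MODERN_ONLY), ("compatible", COMPATIBLE)):
        print(name, *report(sample))
```

A client restricted to the first sample's lists has no algorithm in common with the device in any category, so it must also offer the names from the page before it can connect.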
Before you begin
You can configure SSH internal users at the CLI using the configure user add command. By default,
there is an admin user for which you configured the password during initial setup. You can also configure
external users on LDAP or RADIUS by configuring External Authentication in platform settings.
You need network objects that define the hosts or networks you will allow to make SSH connections to
the device. You can add objects as part of the procedure, but if you want to use object groups to identify
a group of IP addresses, ensure that the groups needed in the rules already exist. Select Objects > Object
Management to configure objects.
Note: You cannot use the system-provided any network object. Instead, use any-ipv4
or any-ipv6.
Procedure
Step 1 Choose Devices > Platform Settings and create or edit the threat defense policy.
Step 2 Select SSH Access.
Step 3 Identify the interfaces and IP addresses that allow SSH connections.
Use this table to limit which interfaces will accept SSH connections, and the IP addresses of the clients who
are allowed to make those connections. You can use network addresses rather than individual IP addresses.
a) Click Add to add a new rule, or click Edit to edit an existing rule.
b) Configure the rule properties:
IP Address—The network object or group that identifies the hosts or networks you are allowing to
make SSH connections. Choose an object from the drop-down menu, or click + to add a new network
object.
Available Zones/Interfaces—Add the zones that contain the interfaces to which you will allow SSH
connections. For interfaces not in a zone, you can type the interface name into the field below the
Selected Zones/Interfaces list and click Add. You can also add loopback interfaces. These rules
will be applied to a device only if the device includes the selected interfaces or zones.
c) Click OK.
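Before entering rules in the SSH Access table, it can help to check the planned table against the constraints stated above. The following is an added example, a model written for this page and not the device's own logic. It assumes any-ipv4 and any-ipv6 cover 0.0.0.0/0 and ::/0; every other object name, address and interface name is constructed.

```python
# Added example (a model, not the device's implementation): check a planned
# SSH Access rule table against the constraints this page states.
import ipaddress

# Assumption: the system objects any-ipv4 / any-ipv6 cover 0.0.0.0/0 and ::/0.
# All other object names, addresses and interface names are constructed.
OBJECTS = {
    "any-ipv4": ["0.0.0.0/0"],
    "any-ipv6": ["::/0"],
    "admin-jump-hosts": ["192.0.2.10/32", "192.0.2.11/32"],
    "noc-v6": ["2001:db8:50::/64"],
}
DEVICE_INTERFACES = {"outside", "inside"}

# Each rule: (network object or group, interfaces that accept SSH from it).
RULES = [("admin-jump-hosts", ["outside"]),
         ("noc-v6", ["inside", "dmz"]),
         ("any", ["inside"])]

def validate(rules):
    """List the problems that keep a rule from working as intended."""
    problems = []
    for i, (obj, interfaces) in enumerate(rules, 1):
        if obj == "any":
            problems.append(f"rule {i}: 'any' is not allowed; use any-ipv4 or any-ipv6")
        elif obj not in OBJECTS:
            problems.append(f"rule {i}: object '{obj}' does not exist yet")
        absent = sorted(set(interfaces) - DEVICE_INTERFACES)
        if absent:
            problems.append(f"rule {i}: not applied for {absent} (not on this device)")
    return problems

def ssh_allowed(rules, client_ip, interface):
    """True if some rule permits client_ip to open SSH on the interface."""
    ip = ipaddress.ip_address(client_ip)
    if interface not in DEVICE_INTERFACES:
        return False
    for obj, interfaces in rules:
        if interface not in interfaces:
            continue
        for net in OBJECTS.get(obj, []):  # unknown or disallowed object: no match
            network = ipaddress.ip_network(net)
            if ip.version == network.version and ip in network:
                return True
    return False

if __name__ == "__main__":
    print("\n".join(validate(RULES)))
    print(ssh_allowed(RULES, "192.0.2.10", "outside"))
```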
Cisco Firepower 2100 Getting Started Guide
Threat Defense Deployment with CDO
Configure SSH on the Manager Access Data Interface


Cisco Firepower 2100 Specifications

General
Brand: Cisco
Model: Firepower 2100
Category: Gateway
Language: English

Summary

Which Application and Manager is Right for You?

Applications

Overview of the two available applications: Secure Firewall Threat Defense and ASA.

Managers

Discussion of the different manager choices available for the applications.

Threat Defense Deployment with the Management Center

Before You Start

Preparation steps before deploying the threat defense.

Review the Network Deployment

Details on how to review the network setup for deployment.

Cable the Device

Instructions on how to physically connect the device.

Power on the Device

Steps to power on the threat defense device.

Complete the Threat Defense Initial Configuration

Steps to perform the initial setup of the threat defense.

Log Into the Management Center

Instructions for accessing the management center interface.

Register the Threat Defense with the Management Center

Steps to register the threat defense device with the management center.

Configure a Basic Security Policy

Guidance on setting up fundamental security policies.

Threat Defense Deployment with a Remote Management Center

How Remote Management Works

Explains the mechanisms behind remote threat defense management.

End-to-End Tasks: Low-Touch Provisioning

Steps for deploying threat defense using low-touch provisioning.

Central Administrator Pre-Configuration

Steps for pre-configuring the device by a central administrator.

Deploy the Firewall With Low-Touch Provisioning

Procedures for deploying the firewall using low-touch provisioning.

Threat Defense Deployment with the Device Manager

Review the Network Deployment and Default Configuration

Details the default network setup for device manager deployment.

Cable the Device

Instructions on how to physically connect the device.

Log Into the Device Manager

Instructions for accessing the device manager interface.

Complete the Initial Configuration

Steps to complete the initial device setup.

Configure Licensing

Process for acquiring and applying necessary licenses for the device manager.

Configure the Firewall in the Device Manager

Steps for configuring firewall settings within the device manager.

Threat Defense Deployment with CDO

About Threat Defense Management by CDO

Explains how to manage threat defense using CDO.

End-to-End Tasks: Low-Touch Provisioning

Steps for deploying threat defense using CDO low-touch provisioning.

Central Administrator Pre-Configuration

Steps for pre-configuring the device by a central administrator.

Deploy the Firewall With the Onboarding Wizard

Steps to deploy the firewall using the CDO onboarding wizard.

Configure a Basic Security Policy

Guidance on setting up fundamental security policies.

ASA Appliance Mode Deployment with ASDM

About the ASA

Provides information about the ASA functionality.

Migrating an ASA 5500-X Configuration

Steps for migrating ASA 5500-X configurations.

Cable the Device

Instructions on how to physically connect the device.

Log Into ASDM

Instructions for accessing the ASDM interface.

Configure Licensing

Process for acquiring and applying necessary licenses for the ASA.

Configure the ASA

Steps for configuring the ASA using ASDM.

ASA Platform Mode Deployment with ASDM and Chassis Manager

About the ASA

Provides information about the ASA functionality.

Unsupported Features

Lists ASA and FXOS features not supported on Firepower 2100.

End-to-End Procedure

Outlines the tasks required for ASA platform mode deployment.

Enable Platform Mode

Procedure to switch the device to Platform mode.

Log Into the Chassis Manager

Instructions for accessing the chassis manager interface.

Access the ASA and FXOS CLI

How to access the command-line interfaces for ASA and FXOS.
