SSH supports the following ciphers and key exchange:
• Encryption—aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr
• Integrity—hmac-sha2-256
• Key exchange—dh-group14-sha256
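As an added example that is not part of this guide, the following Python script parses a server's SSH key-exchange offer (SSH_MSG_KEXINIT, RFC 4253) and reports any key exchange, cipher, or MAC algorithm advertised beyond the list above, so you can confirm a device exposes only the documented set; the host argument and the sample offer are assumptions constructed for the example.

```python
import socket
import struct

# Algorithms the guide lists for threat defense SSH, under their standard SSH names
# (the guide's "dh-group14-sha256" is diffie-hellman-group14-sha256, RFC 8268).
DOCUMENTED = {"kex": {"diffie-hellman-group14-sha256"}, "mac": {"hmac-sha2-256"},
              "cipher": {"aes128-cbc", "aes192-cbc", "aes256-cbc",
                         "aes128-ctr", "aes192-ctr", "aes256-ctr"}}

def parse_kexinit(payload: bytes) -> dict:
    """Parse an unencrypted SSH_MSG_KEXINIT payload (RFC 4253 section 7.1)."""
    if not payload or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []              # skip message id and the 16-byte cookie
    for _ in range(6):               # kex, hostkey, cipher c2s/s2c, mac c2s/s2c
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists.append([a for a in raw.split(",") if a])
        pos += 4 + n
    return {"kex": lists[0], "hostkey": lists[1],
            "cipher": sorted(set(lists[2]) | set(lists[3])),
            "mac": sorted(set(lists[4]) | set(lists[5]))}

def undocumented(offer: dict) -> dict:
    """Algorithms the server advertises beyond the documented set, per category."""
    return {k: sorted(set(offer[k]) - DOCUMENTED[k]) for k in DOCUMENTED}

def build_kexinit(kex, hostkey, ciphers, macs) -> bytes:
    """Assemble a KEXINIT payload; used here only to construct an offline sample."""
    body = bytes([20]) + bytes(16)   # message id and an all-zero cookie
    for names in (kex, hostkey, ciphers, ciphers, macs, macs, ["none"], ["none"], [], []):
        raw = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)   # first_kex_packet_follows, reserved

def fetch_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Exchange version strings with a live server and return its KEXINIT payload."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        line = f.readline()
        while line and not line.startswith(b"SSH-"):   # servers may send preamble lines
            line = f.readline()
        s.sendall(b"SSH-2.0-kexaudit\r\n")
        (length,) = struct.unpack(">I", f.read(4))
        packet = f.read(length)
        return packet[1:length - packet[0]]           # drop padding length byte and padding

# Constructed sample offer: the documented algorithms plus a legacy KEX and MAC.
SAMPLE = build_kexinit(["diffie-hellman-group14-sha256", "diffie-hellman-group1-sha1"],
                       ["ssh-rsa"], ["aes256-ctr", "aes128-cbc"], ["hmac-sha2-256", "hmac-sha1"])
```

Against a real device, `undocumented(parse_kexinit(fetch_kexinit("device-address")))` should return empty lists for every category; the sample offer flags the legacy group1 exchange and hmac-sha1.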
Note: After you make three consecutive failed attempts to log into the CLI using SSH, the device terminates the
SSH connection.
Before you begin
• You can configure SSH internal users at the CLI using the configure user add command. By default,
there is an admin user for which you configured the password during initial setup. You can also configure
external users on LDAP or RADIUS by configuring External Authentication in platform settings.
• You need network objects that define the hosts or networks you will allow to make SSH connections to
the device. You can add objects as part of the procedure, but if you want to use object groups to identify
a group of IP addresses, ensure that the groups needed in the rules already exist. Select Objects > Object
Management to configure objects.
Note: You cannot use the system-provided any network object. Instead, use any-ipv4
or any-ipv6.
Procedure
Step 1 Choose Devices > Platform Settings and create or edit the threat defense policy.
Step 2 Select SSH Access.
Step 3 Identify the interfaces and IP addresses that allow SSH connections.
Use this table to limit which interfaces will accept SSH connections, and the IP addresses of the clients that
are allowed to make those connections. You can use network addresses rather than individual IP addresses.
a) Click Add to add a new rule, or click Edit to edit an existing rule.
b) Configure the rule properties:
• IP Address—The network object or group that identifies the hosts or networks you are allowing to
make SSH connections. Choose an object from the drop-down menu, or click + to add a new network
object.
• Available Zones/Interfaces—Add the zones that contain the interfaces to which you will allow SSH
connections. For interfaces not in a zone, you can type the interface name into the field below the
Selected Zones/Interfaces list and click Add. You can also add loopback interfaces. These rules
will be applied to a device only if the device includes the selected interfaces or zones.
c) Click OK.
Cisco Firepower 2100 Getting Started Guide
Threat Defense Deployment with a Remote Management Center
Configure SSH on the Manager Access Data Interface