EasyManua.ls Logo

Cisco Firepower 4110 User Manual

Cisco Firepower 4110
72 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #38 background imageLoading...
Page #38 background image
Cisco Preparative Procedures & Operational User Guide
© 2016 Cisco Systems, Inc. All rights reserved.
12) (Optional) Set IKE-SA lifetime in minutes:
set ike-rekey-time minutes
The minutes value can be any integer between 60-1440, inclusive.
13) (Optional) Set Child SA lifetime in minutes (30-480):
set esp-rekey-time minutes
The minutes value can be any integer between 30-480, inclusive.
14) (Optional) Set the number of retransmission sequences to perform during initial connect:
set keyringtries retry_number
The retry_number value can be any integer between 1-5, inclusive.
15) (Optional) Enable or disable the certificate revocation list check:
set revoke-policy [relaxed | strict]
16) Enable the connection:
set admin-state enable
17) Reload all connections:
reload-conns
18) (Optional) Add existing trustpoint name to IPsec:
create authority trustpoint_name
19) Configure the enforcement of matching cryptographic key strength between IKE and SA connections:
set sa-strength-enforcement [yes | no]
If SA enforcement is enabled (yes)
When IKE negotiated key size is less then ESP
negotiated key size, the connection fails.
When IKE negotiated key size is larger or equal to the
ESP negotiated key size, SA enforcement check passes
and the connection is successful.
If SA enforcement is disabled (no)
SA enforcement check automatically passes and the
connection is successful.
When CC mode is enabled, FXOS supports the following:
IKE version*: version 2
IPsec Mode: tunnel, transport
o set mode {tunnel |transport}
IKEv2 Mode*: main mode
IKEv2 Ciphers*:
o Encryption algorithms: AES-CBC-128, AES-CBC-256, AES-GCM-128
o Integrity algorithms: SHA-1

Table of Contents

Other manuals for Cisco Firepower 4110

Preview: Hardware Installation Guide
Hardware Installation Guide84 pages
Preview: Manual
Manual26 pages
Question and Answer IconNeed help?

Do you have a question about the Cisco Firepower 4110 and is the answer not in the manual?

Cisco Firepower 4110 Specifications

General IconGeneral
Power SupplyDual, hot-swappable
Form Factor1RU
Firewall Throughput (Multiprotocol)10 Gbps
Number of 10GE (SFP+) Interfaces8
Number of 40GE (QSFP+) Interfaces2
Redundant Power SupplyYes
Memory32 GB
Ports8 x 10GE, 2 x 40GE
Concurrent Sessions8 Million
Number of 10/100/1000 Interfaces8
Maximum Connections8 Million
Management Ports1 x RJ45
Data Ports8 x 10GE, 2 x 40GE
ProcessorIntel Xeon E5-2600

Summary

Introduction and Operational Environment

1.1 Common Criteria Evaluated Configuration

Defines requirements for a secure system deployment under Common Criteria.

2.1 Operational Environment Components

Lists essential system components like management workstations and servers.

2.2 Environmental Assumptions

Specifies expected conditions for the operational environment and administrators.

Assurance Activity Configuration

4.1 Logging into the Appliance

Guides users on accessing the Firepower Chassis Manager via web or CLI.

4.3 Enable FIPS and CC Mode

Details enabling FIPS and Common Criteria modes for enhanced security compliance.

4.4 Configure Secure Connections

Covers secure connections using Syslog, LDAP, RADIUS, TACACS+, and IPsec.

System Management and Configuration

4.5.1 IP Management and Pre-Login Banner

Covers changing management IP addresses and setting pre-login banners.

4.5.2 Image Management

Explains managing platform bundle and application images for FXOS chassis.

4.5.3 User and Role Management

Details user account creation, roles, and authentication service selection.

4.5.6 Configure PKI

Describes Public Key Infrastructure configuration for HTTPS and IPsec.

System Self-Tests

4.6 Self-Tests

Details FIPS 140-2 self-tests during power-up and potential failure scenarios.

Related product manuals