| AMP for Networks | Malware cloud lookups. | Both peers perform lookups. | See Required Server Addresses for Proper Cisco Secure Endpoint & Malware Analytics Operations. |
| AMP for Networks | Download signature updates for file preclassification and local malware analysis. | Active peer downloads, syncs to standby. | updates.vrt.sourcefire.com, amp.updates.vrt.sourcefire.com |
| AMP for Networks | Submit files for dynamic analysis (managed devices). Query for dynamic analysis results (FMC). | Both peers query for dynamic analysis reports. | fmc.api.threatgrid.com, fmc.api.threatgrid.eu |
| AMP for Endpoints integration | Receive malware events detected by AMP for Endpoints from the AMP cloud. Display malware events detected by the Firepower system in AMP for Endpoints. Use centralized file Block and Allow lists created in AMP for Endpoints to override dispositions from the AMP cloud. | Both peers receive events. You must also configure the cloud connection on both peers (configuration is not synced). | See Required Server Addresses for Proper Cisco Secure Endpoint & Malware Analytics Operations. |
| Security Intelligence | Download Security Intelligence feeds. | Active peer downloads, syncs to standby. | intelligence.sourcefire.com |
| URL filtering | Download URL category and reputation data. Manually query (look up) URL category and reputation data. Query for uncategorized URLs. | Active FMC downloads, syncs to standby. | database.brightcloud.com, service.brightcloud.com |
| Cisco Smart Licensing | Communicate with the Cisco Smart Software Manager. | Active peer communicates. | tools.cisco.com:443, www.cisco.com |
| System updates | Download updates directly to the FMC: | Update intrusion rules, the VDB, and the GeoDB on the active peer, which then syncs to the standby. Upgrade the system software independently on each peer. See the Cisco Firepower Management Center Upgrade Guide, Version 6.0–7.0. | cisco.com, sourcefire.com |
| Time synchronization | Synchronize time in your deployment. Not supported with a proxy server. | Any appliance using an external NTP server must have internet access. | 0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org, 2.sourcefire.pool.ntp.org, 3.sourcefire.pool.ntp.org |
| RSS feeds | Display the Cisco Threat Research Blog on the dashboard. | Any appliance displaying RSS feeds must have internet access. | feeds.feedburner.com |
| Whois | Request whois information for an external host. Not supported with a proxy server. | Any appliance requesting whois information must have internet access. | The whois client tries to guess the right server to query. If it cannot guess, it uses: |
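
An added example, not part of the Cisco documentation: a Python audit that compares each high-availability peer's egress policy with the hosts listed in the table above, flagging hosts that are not allowed at all and hosts reachable only through a proxy for a feature the table marks as not supported with a proxy server. The policy format, the `Req` and `audit` names, the sample policies, and the `assume_failover` option (which treats "active peer" rows as required on the standby too, so a role switch does not leave the new active peer blocked) are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Req:
    feature: str
    peers: str             # HA column: "both", "active" or "any"
    hosts: tuple           # Resource column (ports are not modeled here)
    proxy_ok: bool = True  # False where the table says "Not supported with a proxy server"

# A subset of the table's rows, limited to rows that name explicit hosts.
REQS = [
    Req("AMP signature updates", "active",
        ("updates.vrt.sourcefire.com", "amp.updates.vrt.sourcefire.com")),
    Req("Dynamic analysis", "both", ("fmc.api.threatgrid.com", "fmc.api.threatgrid.eu")),
    Req("Security Intelligence", "active", ("intelligence.sourcefire.com",)),
    Req("URL filtering", "active", ("database.brightcloud.com", "service.brightcloud.com")),
    Req("Smart Licensing", "active", ("tools.cisco.com", "www.cisco.com")),
    Req("Time synchronization", "any",
        tuple(f"{i}.sourcefire.pool.ntp.org" for i in range(4)), proxy_ok=False),
    Req("RSS feeds", "any", ("feeds.feedburner.com",)),
]

def audit(policy, role, assume_failover=True):
    """Return sorted (feature, host, reason) gaps for one peer's egress policy."""
    # policy: {"direct": set, "proxy": set} of hostnames; role: "active" or "standby".
    gaps = []
    for req in REQS:
        # A standby peer needs "active" rows only if it may be promoted later.
        if req.peers == "active" and role == "standby" and not assume_failover:
            continue
        for host in req.hosts:
            if host in policy["direct"]:
                continue
            if host not in policy["proxy"]:
                gaps.append((req.feature, host, "not allowed"))
            elif not req.proxy_ok:
                gaps.append((req.feature, host, "proxy not supported"))
    return sorted(gaps)

# Constructed sample policies, not taken from the page.
ALL_HOSTS = {h for r in REQS for h in r.hosts}
NTP_HOSTS = {h for r in REQS if not r.proxy_ok for h in r.hosts}
ACTIVE_POLICY = {"direct": set(), "proxy": ALL_HOSTS}
STANDBY_POLICY = {"direct": NTP_HOSTS, "proxy": {"fmc.api.threatgrid.com",
                  "fmc.api.threatgrid.eu", "feeds.feedburner.com"}}

if __name__ == "__main__":
    for gap in audit(ACTIVE_POLICY, "active") + audit(STANDBY_POLICY, "standby"):
        print(*gap, sep=" | ")
```

With the sample policies, the active peer is flagged only for NTP hosts that sit behind the proxy, and the standby passes until `assume_failover` is left on, at which point every "active peer" row shows up as a gap.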