Cisco Dynamic Attributes Connector Release Notes
Thank you for choosing Firepower. These are the Cisco Secure Dynamic Attributes Connector Release Notes.
Requirements and Prerequisites for
Following are requirements and prerequisits to use Cisco APIC to send dynamic objects to ASA:
-
Network communication: All of the following must be able to communicate with each other securely:
-
ASA 9.16 and later
-
Cisco APIC 4.2(7q) and later
-
Cisco Secure Dynamic Attributes Connector virtual machine, version 3.1 and later
-
-
ASA requirements
-
License: Essentials
For more information about licensing, see Smart Software Licensing.
-
FQDN: Supported
-
Multi-context: Supported
-
Multi-instance: Supported
-
High availability: Supported
-
Clustering: Supported
-
-
Permissions required:
-
ASA: privilege 15
-
Cisco APIC: at least the
read-allrole withreadPrivaccess and thetenant-adminrole withwritePrivaccess for the security domain
-
New Features in This Release
Integration between Cisco Application Policy Infrastructure Controller (APIC) and ASA
The enables you to send Cisco APIC dynamic endpoint group (EPG) and endpoint security group (ESG) data from tenants to an ASA.
Cisco APIC defines endpoint groups (EPGs) and endpoint security groups (ESGs) that have network object groups. Create a Cisco APIC connector in the Cisco Secure Dynamic Attributes Connector that pulls that data from tenants to on which you can use those objects in access control rules. An ASA adapter pushes network object groups in the configured security context.These prerequisites are discussed in Requirements and Prerequisites for.
 Note |
The Cisco APIC connector can be used only with the ASA adapter in this release. |
Supported Platforms
-
Ubuntu 18.04 to 22.04.2
-
Red Hat Enterprise Linux (RHEL) 7 or 8
-
Python 3.6.x or later
-
Ansible 2.9 or later
Minimum requirements for all operating systems:
-
4 CPUs
-
8 GB RAM
-
For new installations, 100 GB available disk space to install the dynamic attributes connector
If you use a hypervisor:
VMware ESX or ESXi up to 8
We recommend you size your virtual machines as follows:
-
50 connectors, assuming 5 filters per connector and 20,000 workloads: 4 CPUs; 8 GB RAM; 100 GB available disk space
-
125 connectors, assuming 5 filters per connector and 50,000 workloads: 8 CPUs, 16 GB RAM, 100 GB available disk space
Note |
Failure to size your virtual machines properly can cause the dynamic attributes connector to fail or not to start. |
If you wish to use vCenter attributes, we also require:
-
vCenter up to 8
-
VMware Tools must be installed on the virtual machine
Connectors supported in this version:
-
Amazon Web Services security groups
-
Amazon Web Services service tags
For more information, see a resource like What are tags?.
-
Cisco APIC
-
Cisco Cyber Vision
-
GitHub
-
Google Cloud
For more information, see Setting Up Your Environment in the Google Cloud documentation.
-
Microsoft Azure security groups
-
VMware categories and tags managed by vCenter and NSX-T
For more information, see a resource like vSphere Tags and Attributes in the VMware documentation site.
-
Webex IP addresses
-
Zoom IP addresses
List of connectors supported by the Cisco Secure Dynamic Attributes Connector.
|
CSDAC version/platform |
AWS |
AWS security groups |
AWS service tags |
Azure |
Azure Service Tags |
Cisco APIC |
Cisco Cyber Vision |
Generic Text |
GitHub |
Google Cloud |
Microsoft Office 365 |
vCenter |
Webex |
Zoom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version 1.1 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
No |
|
Version 2.0 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
Yes |
No |
No |
|
Version 2.2 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Version 2.3 (on-premises) |
Yes |
No |
No |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Version 3.0 (on-premises) |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Version 3.1 (on-premises) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
New and Updated Documentation
The following Firepower documentation was updated or is newly available for this release.
Firepower Configuration Guides and Online Help
Online Support Resources
Cisco provides online resources to download documentation, software, and tools, to query bugs, and to open service requests. Use these resources to install and configure Firepower software and to troubleshoot and resolve technical issues.
-
Cisco provides online resources to download documentation, software, and tools, to query bugs, and to open service requests. Use these resources to install and configure Firepower software and to troubleshoot and resolve technical issues.
-
Cisco Bug Search Tool: https://bst.cloudapps.cisco.com/bugsearch
-
Cisco Notification Service: https://www.cisco.com/cisco/support/notifications.html
Access to most tools on the Cisco Support & Download requires a Cisco.com user ID and password.
Contact Cisco
If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:
-
Email Cisco TAC: tac@cisco.com
-
Call Cisco TAC (North America): 1.408.526.7209 or 1.800.553.2447
-
Call Cisco TAC (worldwide): Cisco Worldwide Support Contacts
Feedback