Configuring FXOS Server Access Settings on Firepower 2100 Series Devices

The FXOS Server Access section contains pages for configuring FXOS server access on Firepower 2100 Series devices; FXOS Server Access is under Device Admin in the Device or Policy selector.

note.gif

Noteblank.gif FXOS Server Access is not applicable for devices other than Firepower 2100 Series devices.


The Firepower 2100 Series devices supported by ASA and Cisco Security Manager are:

  • Cisco FPR-2110 Adaptive Security Appliance
  • Cisco FPR-2120 Adaptive Security Appliance
  • Cisco FPR-2130 Adaptive Security Appliance
  • Cisco FPR-2140 Adaptive Security Appliance

This chapter contains the following topics:

HTTPS Page

The HTTPS page allows you to configure the device to access the FXOS server through HTTPS. When you deploy configurations with this protocol, Cisco Security Manager encrypts the configuration file before sending it to the device.

Navigation Path

  • (Device view) Select Platform > Device Admin > FXOS Server Access > HTTPS from the Device Policy selector.
  • (Policy view) Select PIX/ASA/FWSM Platform > Device Admin > FXOS Server Access > HTTPS from the Policy Type selector. Select an existing policy from the Shared Policy selector, or create a new one.

Related Topics

Field Reference

 

Table 53-1 HTTPS Page

Element
Description

Action

The permit action allows configuring the Firepower 2100 Series device with IP address and port. It supports IPv4 and IPv6 addresses.

Interface

The name of the device interface for which the HTTPS is configured. HTTPS cannot be configured on a Bridge Groups (BG) interface.

IP Address

The IP address of the device. It can be an IPv4 or an IPv6 address.

Port

The port on which communications with the FXOS server take place.

Add and Edit HTTPS Dialog Boxes

Use the Add HTTPS Configuration dialog box to create the HTTPS rules. The security appliance will automatically poll this server for image and configuration updates.

The Edit HTTPS Configuration dialog box is identical to the Add HTTPS Configuration dialog box. The following descriptions apply to both.

Navigation Path

You can access the Add and Edit HTTPS Configuration dialog boxes from the HTTPS Page.

Field Reference

 

Table 53-2 Add and Edit HTTPS Configuration Dialog Boxes

Element
Description

Action

Select Permit.

Interface

Click Select and choose the interface. The Bridge Groups (BG) interface cannot be configured with HTTPS.

IP Address

Click Select and choose the IP address of the device that can access the FXOS server. It can be an IPv4 or an IPv6 address.

Port

This value defaults to 3443 when you save the page. You can also enter the port on which communications with the FXOS server should take place.

SSH Page

Use the Secure Shell page to configure port that permit FXOS server access to a Firepower 2100 Series device using the SSH protocol. The rules permit SSH access to a specific IP address and netmask.

Navigation Path

  • (Device view) Select Platform > Device Admin > FXOS Server Access > SSH from the Device Policy selector.
  • (Policy view) Select PIX/ASA/FWSM Platform > Device Admin > FXOS Server Access > SSH from the Policy Type selector. Select an existing policy from the Shared Policy selector, or create a new one.

Related Topics

Field Reference

 

Table 53-3 SSH Page

Element
Description

Action

The permit action allows configuring the Firepower 2100 Series device with IP address and port to access the FXOS server. It supports IPv4 and IPv6 addresses.

Interface

The name of the device interface for which the SSH is configured. SSH cannot be configured on a Bridge Groups (BG) interface.

IP Address

The IP address of the device. It can be an IPv4 or an IPv6 address.

Port

The port on which communications with the FXOS server take place.

Add and Edit SSH Dialog Boxes

Use the Add SSH Configuration dialog box to create the SSH rules. The security appliance will automatically poll this server for image and configuration updates.

The Edit SSH Configuration dialog box is identical to the Add SSH Configuration dialog box. The following descriptions apply to both.

Navigation Path

You can access the Add and Edit SSH Configuration dialog boxes from the SSH Page.

Field Reference

 

Table 53-4 Add and Edit SSH Configuration Dialog Boxes

Element
Description

Action

Select Permit.

Interface

Click Select and choose the interface. The Bridge Groups (BG) interface cannot be configured with SSH.

IP Address

Click Select and choose the IP address of the device that can access the FXOS server. It can be an IPv4 or an IPv6 address.

Port

This value defaults to 3022 when you save the page. You can also enter the port on which communications with the FXOS server should take place.

SNMP Page

SNMP is an application layer protocol that facilitates the exchange of management information between network devices. You can use the SNMP page to configure the Firepower 2100 Series devices for monitoring by SNMP.

Navigation Path

  • (Device view) Select Platform > Device Admin > FXOS Server Access > SNMP from the Device Policy selector.
  • (Policy view) Select PIX/ASA/FWSM Platform > Device Admin > FXOS Server Access > SNMP from the Policy Type selector. Select an existing policy from the Shared Policy selector, or create a new one.

Related Topics

Field Reference

 

Table 53-5 SNMP Page

Element
Description

Action

The permit action allows configuring the Firepower 2100 Series device with IP address and port to access the FXOS server. It supports IPv4 and IPv6 addresses.

Interface

The name of the device interface for which the SNMP is configured. SNMP cannot be configured on a Bridge Groups (BG) interface.

IP Address

The IP address of the device. It can be an IPv4 or an IPv6 address.

Port

The port on which communications with the FXOS server take place.

Add and Edit SNMP Dialog Boxes

Use the Add SNMP Configuration dialog box to create the SNMP rules. The security appliance will automatically poll this server for image and configuration updates.

The Edit SNMP Configuration dialog box is identical to the Add SNMP Configuration dialog box. The following descriptions apply to both.

Navigation Path

You can access the Add and Edit SNMP Configuration dialog boxes from the SNMP Page.

Field Reference

 

Table 53-6 Add and Edit SNMP Configuration Dialog Boxes

Element
Description

Action

Select Permit.

Interface

Click Select and choose the interface. The Bridge Groups (BG) interface cannot be configured with SNMP.

IP Address

Click Select and choose the IP address of the device that can access the FXOS server. It can be an IPv4 or an IPv6 address.

Port

This value defaults to 3161 when you save the page. You can also enter the port on which communications with the FXOS server should take place.