Firepower Threat Defence 6.2
Today, FTD 6.2 was released. In this blog post, I'd like to summarise the new and improved features in this version. I may get into deployments and upgrades in a future post if there's interest.
The migration tool has finally been released! This is probably the most exciting feature in this release.
This is used for migrating from ASA with Firepower Services to FTD. Previously, a migration required recreating all the ASA rules (ACLs, NATs, objects) from scratch. A bit of a killer in my opinion.
Now, the migration tool will automate this process. It will allow up to 600,000 elements to be migrated, which should be enough for most deployments. According to the release notes, this requires the use of the virtual FMC on VMWare or KVM. Not really sure why this is not supported on the physical FMC.
Take note, this is for migrating rules and objects. This is not for upgrading / migrating the software.
Clustering is a feature I've wanted for some time. Well, now it's here! But only on the Firepower appliances...
So, a bit of a highlight and a sad note at the same time. Great news for anyone with a 4100 or 9300, not so great for anyone with 5500's.
Indications of Compromise
IOC's have been upgraded to take users into account. Now IOC's can be used to correlate events with hosts and users.
New nanagement features include:
- REST API - Can be used to configure and create interfaces. A good option for ACI
- FlexConfig - Deploy ASA templates. Enables additional new sub features such as inspections
- PKI for FMC - Associate PKI certificates with devices in FMC
- ThreatGrid Integration
- PKI with Site-to-Site VPN - Use certificates with VPNs. Previously this required preshared keys
FTD virtual edition can now be used in the Azure cloud.
On the 5506 models, IRB (Integrated Bridging and Routing) has been added. This enables multiple physical interfaces to be in the same VLAN. Essentially, this allows a 5506 ASA to be in routed mode, and still have a bridge configured. In short, this allows Layer-2 switching between interfaces.
The old ASA Packet Tracer is back! This is a really useful tool for simulating different types of traffic through the ASA, to see if it's allowed or not. I have found this immensely useful on the ASA in the past, and I'm glad to see that it's now in FTD as well.
Bulk URL lookup is now supported. This is for looking up URLs to get reputation and other information. Previously this was a manual task, but now up to 250 URLs can be queried at once.
There have been a few policy improvements. Previously, if there were certain failures, the SNORT processes would be restarted to handle the fault. This is not always ideal, so now there is a policy option to favour either Security or Continuity.
Additionally, the following features have been improved:
- ISE and Security Group Tags (SGT)
- Latency based performance settings
- Certificates that don't have private keys can be imported
This blog post has just been a quick sampler to the changes in FTD 6.2.