What's New in 7.4

A highlight overview of the top deliverables in the release. NOTE: Some highlights will not have associated documentation. To see the full list of 7.4 Release Deliverables, visit New Features in Management Center Version 7.4.

See More Detect Faster

  • Malware Blocking in TLS Encrypted Sessions (EVE Enhancement) - In 7.3 we made improvements to the Encrypted Visibility Engine (EVE) that enabled it to identify client applications and malware without decryption. With the ability to gain more context around TLS connections without decryption in place, we focused on improving EVE's malware blocking.
  • Cisco Secure Dynamic Attributes Connector (CSDAC) in Firewall Management Center (FMC) - In a dynamic, software-defined campus & multi-cloud world with changing internet protocol (IP) addresses, static IPs are no longer a reliable policy enforcement attribute. Our solution for this is CSDAC, which uses attribute-based policies from multi-cloud & hybrid cloud environments to adapt to changes instantaneously. This is why we focused on getting CSDAC in FMC.
  • Wide Area Network (WAN) Summary Dashboard - Cisco Secure Firewall provides simplified branch and WAN capabilities that connect any user to any application, with integration capabilities such as multi-cloud, security, enhanced visibility, & analytics. However, our customers stated that our solution lacked a consolidated dashboard for information about application, device, and path attributes - until now.

Ease of Use

  • Clientless Zero Trust Application Access - Organizations wanting to adopt a Zero Trust Application Security posture were previously required to have additional software, like AnyConnect, installed on client devices, where the client application acted as a proxy and handled authentication and access. As of 7.4, we've added Clientless Zero Trust Application Access.
  • Azure Active Directory (AD) User Identity with Identity Services Engine (ISE) - Azure AD is a cloud-based identity & access management service enabling employees to access external resources, such as Microsoft 365 and thousands of other Software as a Service (SaaS) applications. By integrating Cisco Secure Firewall with Azure AD & ISE, users can receive Azure AD logins from ISE & enforce Access Policy based on Azure AD users and groups.
  • Policy Based Routing (PBR) with User Identity and Security Group Tags (SGT) - This feature provides additional capabilities to steer traffic through Secure Firewall Threat Defense devices by leveraging user identity, AD group membership, or Security Group Tag (SGT) association. These capabilities can coexist with current policy-based routing conditions. Additionally, this allows segregation of traffic based on user identities or SGTs for deployments where differentiated access is required for employees, guest users, and IoT devices.

Lower Total Cost of Ownership (TCO) & Higher Return on Investment (ROI)

  • OpenConfig - OpenConfig is an open-source project with contributions from network operators, equipment vendors, and the broader community. The project defines and implements a common, vendor-independent software layer for managing network devices (common data model, streaming telemetry, management protocols, testing & compliance). Seeing this, Cisco has worked with OpenConfig to support Streaming Telemetry in 7.4.
  • 3100 Series Multi-Instance for FTD - Multi-Instance support in the 4100 & 9300 series devices gives administrators the ability to create & run multiple independent Firewall Threat Defense (FTD) software instances on the same hardware appliance, with each FTD instance having dedicated hardware resources to provide guaranteed performance per instance & to ensure that one instance cannot affect another. For 7.4, the 3100 series device now supports Multi-Instance.
  • IPv6 Private/Public Cloud Support - As IPv4 addresses officially ran out in September 2015 (according to ARIN), and more of our customers are moving to IPv6 for their networks, Cisco has added support for PKI for OCSP, VxLAN VTEP, FMC/FTD for all Cloud Services, EIGRPv6 support for ASA, FMC BGP IPv6 graceful restart, and Government Certification.
  • Public Cloud Target Failover - In 7.1 we introduced Gateway Load Balancer support for AWS. In 7.2, we introduced Clustering in AWS/GCP. Then in 7.3, we introduced Gateway Load Balancing and Clustering for Azure. Now in 7.4 we have gone back through and filled some gaps, starting with Public Cloud Target Failover.