History for Interfaces

Feature

Minimum Management Center

Minimum Threat Defense

Details

Loopback and Management type interface group objects

Any

7.4

You can now create interface group objects that include only management-only interfaces or only loopback interfaces. You can then use these groups for management features such as DNS servers, HTTP access, or SSH. Loopback groups are supported for any feature that supports loopback interfaces. Note that DNS does not support management interfaces.

New/Modified screens: Objects > Object Management > Interface > Add > Interface Group

Merged Management and Diagnostic interfaces

Any

7.4

For new devices using 7.4 and later, you cannot use the legacy Diagnostic interface. Only the merged Management interface is available. If you upgraded to 7.4 or later, and you did not have any configuration for the Diagnostic interface, then the interfaces will merge automatically.

If you upgraded to 7.4 or later, and you have configuration for the Diagnostic interface, then you have the choice to merge the interfaces manually, or you can continue to use the separate Diagnostic interface. Note that support for the Diagnostic interface will be removed in a later release, so you should plan to merge the interfaces as soon as possible.

Merged mode also changes the behavior of AAA traffic to use the data routing table by default. The management-only routing table can now only be used if you specify the management-only interface (including Management) in the configuration.

New/Modified screens: Devices > Device Management > Interfaces

New/Modified commands: show management-interface convergence

Default Forward Error Correction (FEC) on Secure Firewall 3100 fixed ports changed to Clause 108 RS-FEC from Clause 74 FC-FEC for 25 GB+ SR, CSR, and LR transceivers

Any

7.2.4/7.3

When you set the FEC to Auto on the Secure Firewall 3100 fixed ports, the default type is now set to Clause 108 RS-FEC instead of Clause 74 FC-FEC for 25 GB+ SR, CSR, and LR transceivers.

Supported platforms: Secure Firewall 3100

LLDP support for the Firepower 2100, Secure Firewall 3100

Any

7.2

You can enable Link Layer Discovery Protocol (LLDP) for Firepower 2100 and Secure Firewall 3100 interfaces.

New/Modified screens:

Devices > Device Management > Interfaces > Hardware Configuration > Network Connectivity

New/Modified commands: show lldp status, show lldp neighbors, show lldp statistics

Supported platforms: Firepower 2100, Secure Firewall 3100

Pause Frames for Flow Control for the Secure Firewall 3100

Any

7.2

If you have a traffic burst, dropped packets can occur if the burst exceeds the buffering capacity of the FIFO buffer on the NIC and the receive ring buffers. Enabling pause frames for flow control can alleviate this issue.

New/Modified screens: Devices > Device Management > Interfaces > Hardware Configuration > Network Connectivity

Supported platforms: Secure Firewall 3100

Support for Forward Error Correction for the Secure Firewall 3100

Any

7.1

Secure Firewall 3100 25 Gbps interfaces support Forward Error Correction (FEC). FEC is enabled by default and set to Auto.

New/Modified screens: Devices > Device Management > Interfaces > Edit Physical Interface > Hardware Configuration

Support for setting the speed based on the SFP for the Secure Firewall 3100

Any

7.1

The Secure Firewall 3100 supports speed detection for interfaces based on the SFP installed. Detect SFP is enabled by default. This option is useful if you later change the network module to a different model, and want the speed to update automatically.

New/Modified screens: Devices > Device Management > Interfaces > Edit Physical Interface > Hardware Configuration

LLDP support for the Firepower 1100

Any

7.1

You can enable Link Layer Discovery Protocol (LLDP) for Firepower 1100 interfaces.

New/Modified screens: Devices > Device Management > Interfaces > Hardware Configuration > LLDP

New/Modified commands: show lldp status, show lldp neighbors, show lldp statistics

Supported platforms: Firepower 1100

Interface auto-negotiation is now set independently from speed and duplex, interface sync improved

Any

7.1

Interface auto-negotiation is now set independently from speed and duplex. Also, when you sync the interfaces in management center, hardware changes are detected more effectively.

New/Modified screens: Devices > Device Management > Interfaces > Hardware Configuration > Speed

Supported platforms: Firepower 1000, 2100, Secure Firewall 3100

Firepower 1100/2100 series fiber interfaces now support disabling auto-negotiation

Any

6.7

You can now configure a Firepower 1100/2100 series fiber interface to disable flow control and link status negotiation.

Previously, when you set the fiber interface speed (1000 or 10000 Mbps) on these devices, flow control and link status negotiation was automatically enabled. You could not disable it.

Now, you can deselect Auto-negotiation and set the speed to 1000 to disable flow control and link status negotiation. You cannot disable negotiation at 10000 Mbps.

New/modified screens: Devices > Device Management > Interfaces > Hardware Configuration > Speed

Supported platforms: Firepower 1100, 2100