Integrate Firepower and Secure Endpoint

If your organization has deployed Cisco's Secure Endpoint product, you can integrate that application with Firepower to achieve the benefits described in Benefits of Integrating Firepower and AMP for Endpoints.

When you integrate with Secure Endpoint, you must configure the Secure Endpoint connection even if you already have malware defense (AMP for Firepower) connections configured. You can configure multiple Secure Endpoint cloud connections.

Note

Secure Endpoint connections that have not registered successfully do not affect malware defense.

Before you begin

  • You must be an Admin user to perform this task.

  • If your deployment uses Cisco AMP Private Cloud, see limitations at AMP for Endpoints and AMP Private Cloud.

  • Secure Endpoint must be set up and working properly on your network.

  • The management center must have direct access to the Internet.

  • Make sure your management center and Secure Endpoint can communicate with each other. See the topics under Security, Internet Access, and Communication Ports.

  • If you are connecting to the AMP cloud after either restoring your Secure Firewall Management Center to factory defaults or reverting to a previous version, use the AMP for Endpoints management console to remove the previous connection.

  • You will need your Secure Endpoint credentials to log in to the Secure Endpoint console during this procedure.

Procedure

Step 1

Choose Integration > AMP > AMP Management.

Step 2

Click Add AMP Cloud Connection.

Step 3

From the Cloud Name drop-down list, choose the cloud you want to use:

  • The AMP cloud closest to the geographical location of your Secure Firewall Management Center.

    APJC is Asia/Pacific/Japan/China.

Step 4

If you want to use this cloud for both malware defense and Secure Endpoint, select the Use for AMP for Firepower check box.

If you configured a different cloud to handle malware defense (AMP for Firepower) communications, you can clear this check box; if this is your only AMP cloud connection, you cannot.

Step 5

Click Register.

A spinning state icon indicates that a connection is pending, for example, after you configure a connection on the Secure Firewall Management Center, but before you authorize it using the Secure Endpoint management console. A Denied icon indicates that the cloud denied the connection or the connection failed for another reason.

Step 6

Confirm that you want to continue to the Secure Endpoint management console, then log into the management console.

Step 7

Using the management console, authorize the AMP cloud to send Secure Endpoint data to the management center.

Step 8

If you want to restrict the data that the management center receives, select specific groups within your organization for which you want to receive information.

By default, the AMP cloud sends data for all groups. To manage groups, choose Management > Groups on the Secure Endpoint management console. For detailed information, see the management console online help.

Step 9

Click Allow to enable the connection and start the transfer of data.

Clicking Deny returns you to the Secure Firewall Management Center, where the connection is marked as denied. If you navigate away from the Applications page on the Secure Endpoint management console, and neither deny nor allow the connection, the connection is marked as pending on the Secure Firewall Management Center’s web interface. The health monitor does not alert you of a failed connection in either of these situations. If you want to connect to the AMP cloud later, delete the failed or pending connection, then recreate it.

Incomplete registration of the Secure Endpoint connection does not disable the malware defense connection.

Step 10

To verify that the connection is correctly configured:

  1. On the Integration > AMP > AMP Management page, click the Cloud Name that includes AMP for Endpoints in the Cisco AMP Solution Type column.

  2. In the AMP for Endpoints console window that displays, choose Accounts > Applications.

  3. Verify that your management center is on the list.

  4. In the AMP for Endpoints console window, choose Manage > Computers.

  5. Verify that your management center is on the list.

What to do next

  • In the AMP for Endpoints console window, configure settings as needed. For example, define group membership for your management center and assign policies. For information, see the AMP for Endpoints online help or other documentation.

  • In high availability configurations, you must configure AMP cloud connections independently on the Active and Standby instances of the Firepower Management Center; these configurations are not synchronized.

  • The default health policy warns you if the management center cannot connect to the AMP for Endpoints portal after an initial successful connection, or if the connection is deregistered using the AMP portal.

    Verify that the AMP for Endpoints Status monitor is enabled under System > Health > Policy.