Managing Connections to the AMP Cloud (Public or Private)
Use the management center to manage connections to public and private AMP clouds used for malware defense or AMP for Endpoints or both.
You can delete a connection to a public or private AMP cloud if you no longer want to receive malware-related information from the cloud. Note that deregistering a connection using the AMP for Endpoints or AMP private cloud management console does not remove the connection from the system. Deregistered connections display a failed state on the Secure Firewall Management Center web interface.
You can also temporarily disable a connection. When you reenable a cloud connection, the cloud resumes sending data to the system, including queued data from the disabled period.
Caution | For disabled connections, the public or private AMP cloud can store malware events, indications of compromise, and so on until you re-enable the connection. In rare cases—for example, with a very high event rate or a long-term disabled connection—the cloud may not be able to store all information generated while the connection is disabled. |
In a multidomain deployment, the system displays connections created in the current domain, which you can manage. It also displays connections created in ancestor domains, which you cannot manage. To manage connections in a lower domain, switch to that domain. Each management center can have only one malware defense connection, which belongs to the Global domain.
Procedure
Step 1 | Select . |
Step 2 | Manage your AMP cloud connections:
|
)What to do next
In high availability configurations, you must configure AMP cloud connections independently on the Active and Standby instances of the Firepower Management Center; these configurations are not synchronized.