Firepower Connections to Internet Servers

Available Languages

Updated:May 4, 2018
Document ID:213260

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the outbound internet connections by firepower devices in order to meet network security requirements.

    Firepower Connections to Internet Servers

    Firepower devices require outbound connections to Internet Servers for network security requirements.

    Either the FMC, firepower or FTD devices make both on demand and scheduled outbound connections to Internet Servers for network security services that are active on the device. These services are enabled by the appropriate licenses for advanced features like malware protection, URL filtering etc. 

    Note: For more information on licensing and usage, refer to the appropriate configuration guides relevant to your product and version.

    Here are the Internet Server websites:

    • cloud-sa.amp.sourcefire.com
      • Advanced Malware Protection (AMP) cloud base intelligence (only reached with Malware Lic.)
    • cloud-sa-589592150.us-east-1.elb.amazonaws.com.
      • AMP cloud base intelligence (only reached with Malware Lic.)
    • database.brightcloud.com                                    
      • Cloud based URL classification and reputation service (only reached if URL Filtering feature is enabled)
    • service.brightcloud.com                                       
      • Cloud based URL classification and reputation service (only reached if URL Filtering feature is enabled)
    • amp.updates.vrt.sourcefire.com                            
      • Cisco Talos
    • intelligence.sourcefire.com                                  
      • Cisco Talos (only reached if using the Security Intelligence feature)
    • sourcefire.com
      • Auto download updates
    • panacea.threatgrid.com                                               
      • Threatgrid service for malware
    • blogs.cisco.com/talos or cloud.google.com                    
      • Threat intelligence for Cisco Products – Contacts google cloud. (it is active by Default)
    • tools.cisco.com
      • Smart licensing
    • updates.vrt.sourcefire.com
      • Clam updates
    • api.sse.cisco.com:8989
      • SSE for telemetry

    For firepower with AMP enabled, refer to this doc link for the external servers:

    https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html

    Revision History

    Revision Publish Date Comments
    1.0
    25-Apr-2018
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Mike Barnack
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products