Version Compatibility
The following tables provide a high-level overview of the solution components required to use Secure Network Analytics to store Firewall event data in a Security Analytics and Logging (OnPrem) deployment.
Firewall Appliances
You can deploy the following Firewall appliances:
Solution Component |
Required Version |
Licensing for Security Analytics and Logging (OnPrem) |
Notes |
---|---|---|---|
Firepower Management Center (hardware or virtual) |
v7.0+ For FMC running earlier versions, see https://cisco.com/go/sal-on-prem-docs. |
none |
|
Firepower managed devices |
v7.0+ using the wizard FTD v6.4+ using syslog NGIPS v6.4 |
none |
Secure Network Analytics Appliances
You have the following options for deploying Secure Network Analytics:
-
Single-node - Deploy only a Manager to ingest and store events, and review and query events
-
Multi-node - Deploy a Flow Collector to ingest events, Data Store to store events, and Manager to review and query events
Note
You cannot deploy a mix of Secure Network Analytics hardware and Secure Network Analytics VE appliances.
Solution Component |
Required Version |
Licensing for Security Analytics and Logging (OnPrem) |
Notes |
---|---|---|---|
Manager |
Secure Network Analytics v7.3.1+ |
none |
|
Security Analytics and Logging (OnPrem) app |
Security Analytics and Logging (OnPrem) app v2.0+ |
Logging and Troubleshooting Smart License, based on GB/day |
Install this app on the Manager and configure to enable event ingest |
Solution Component |
Required Version |
Licensing for Security Analytics and Logging (OnPrem) |
Notes |
---|---|---|---|
Manager |
Secure Network Analytics v7.3.2+ |
none |
|
Flow Collector |
Secure Network Analytics v7.3.2+ |
none |
|
Data Store (3 Data Nodes) |
Secure Network Analytics v7.3.2+ |
none |
|
Security Analytics and Logging (OnPrem) app |
Security Analytics and Logging (OnPrem) app v2.0+ |
Logging and Troubleshooting Smart License, based on GB/day |
Install this app on the Manager and configure to enable event ingest |
In addition to these components, you must make sure that all of the appliances can synchronize time using NTP.
If you want to remotely access the Firepower or Secure Network Analytics appliances' consoles, you can enable access over SSH.