2. Lab Explanation
• Logging into one lab: Cisco Firepower 6.x Proof of Value v1.x
• Note: This lab can also be used for customer POVs; just add the FTD device at the customer location instead of the one in this lab.
• Lab: Adding NGFWv (FTD) to FMCv in dCloud
• You will be saving three (3) Risk Reports
• Refer to the lab guides in the resource section of each lab for the most up-to-date information
4. Scheduling labs in dCloud
• Browse to https://dcloud.cisco.com
• Select Login
• Log in with your CCO ID
• Select Catalog
• In the search bar, type Firepower
• Check the box next to dCloud
• Select the Cisco Firepower 6.x Proof of Value v1.x
• Click Schedule
5. Scheduling labs in dCloud
• Click Schedule a Single Session
• Fill out all mandatory fields on next screen
• Select the date and time
• Click Next
• Click Schedule
6. dCloud Firepower Proof of Value Lab
• Browse to https://dcloud.cisco.com
• Select the Region provided by the instructor
• Select Login
• Log in with your CCO ID
• Select My Hub from the toolbar
• You will see multiple labs; view the Proof of Value lab
7. Cisco Firepower 6.x Proof of Value v1.x
Capture Relevant Owner and Session ID
• The Dashboard will reflect scheduled sessions
• Select View for the
Cisco Firepower 6.x Proof of Value v1.x
• Select Details
• Note the Owner and Session ID information
• An Owner containing the ‘@’ symbol is not supported as the username
• If ‘@’ is present in the Owner, use dcloud as the username instead
• The password is the Session ID
8. Cisco Firepower 6.x Proof of Value v1.x
Capture relevant Public Address
• Select Details to view Session Details
• Scroll down and note the Public Address
• The Public Address will be used for the FTD
device in the coming steps.
• The Public Address can also be used to reach
the FMC directly without VPN or Remote Desktop
9. Cisco Firepower Proof of Value lab
Connect to Active Directory
• Return to the network topology view
• Select the Windows jump host machine and note its
IP Address and Credentials if you are using VPN
• Click on Remote Desktop
10. Cisco Firepower Proof of Value lab
Connect to Active Directory
• Click on Remote Desktop
• Authenticate with
• Username: dcloudadministrator
• Password: C1sco12345
*Note: sometimes you go straight to the
desktop without having to log in
11. Cisco Firepower Proof of Value lab
Access Putty
• Select PuTTY on the desktop
• Double click the FTD session or
single click the FTD session and
click Open
12. Cisco Firepower Proof of Value Lab
SSH to NGIPS
• Authenticate with
• Username: admin
• Password: C1sco12345
13. Cisco Firepower Proof of Value Lab v1.x
Configure NGIPS via CLI
• Configure the FMC IP as the Public Address
from the dCloud session details (slide 8)
• Change the management-port to 8443 before
adding the manager (this ordering avoids the bug where
the port change is lost by a later manager add)
• Use a registration key of C1sco12345
and a nat-id of 12345
• The registration key and nat-id are shared secrets used only
to bootstrap the FTD-to-FMC tunnel; they must match exactly
what you enter on the FMC when you add the device
• Use the number row on your keyboard above the
letters, not the 10-key pad on the right
• If you mistype the manager info, type “configure
manager delete” and re-enter the add command
> configure network management-port 8443
Management port changed to 8443.
> configure manager add <FMC IP> <Registration Key> <nat-id>
Manager successfully configured.
14. Cisco Firepower 6.x Proof of Value Lab v1.x
Login to the FMC
• Return to your PC and open a browser
• Using HTTPS, connect to the FMC Public Address from the dCloud session details noted in slide 8
• Log in using the Owner for the FMC username and the Session ID for the password
15. When logging into the FMC you may see a browser certificate warning
• Click Advanced
• Add Exception
• The warning is expected in the lab because the FMC presents a self-signed certificate. On a customer FMC, confirm you are connecting to the expected address and certificate before adding an exception; a permanent exception also suppresses the warning for any future host that answers at that address.
16. Cisco Firepower 6.x Proof of Value v1.x
Add the FTD device to the FMC
• Navigate to Devices > Device Management
• Select Add > Add Device
17. Cisco Firepower 6.x Proof of Value v1.x
Connect FTD to FMC
• Use the Host of 198.18.133.11, Registration Key of C1sco12345
• If using an external FTD device at a customer location, set the Host to be DONTRESOLVE
• Group: None
• Access Control Policy: Cisco POV Access Control Policy
• Select the Protection, Control, Malware, and URL Filtering Licenses
• Expand the Advanced Settings and enter a Unique NAT ID of 12345
• Click Register (it may take about 5 minutes to register)
18. Cisco Firepower Proof of Value Lab v1.x
Verify the FTD to FMC Connection
• Go to the FTD PuTTY window on the jump host remote desktop
• Use show managers from the FTD CLI to confirm the FMC IP address and view the registration status
• Once complete, you will not come back to this remote desktop.
• Everything from here forward is done in the FMC.
19. Troubleshooting Steps
FTD to FMC Connection
• Use show managers from the FTD CLI to confirm the FMC IP address and view the registration status
• Ensure the registration key and unique NAT-ID match the values entered on the FMC
• “configure manager delete” removes the manager on the FTD device; use it in the Connection
Lab if you need to fix the IP, Registration Key, or Unique NAT ID, then re-run the add command.
> show managers
Host : 64.100.11.49
Registration Key : ***
Registration : Pending
RPC Status :
>
20. Troubleshooting Steps
FTD to FMC Connection
• Enter expert mode
• Use sudo pigtail MSGS to review debugging information
> expert
admin@ftd5506:~$ sudo pigtail MSGS
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[…]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 -
br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216
(via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to
64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6):
64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ;
COMMAND=/ngfw/usr/local/sf/bin/pigtail
21. Troubleshooting Steps
FTD to FMC Connection
Confirm:
• FTD management-port is 8443
• Registration Key of FTD and FMC match: C1sco12345
• Unique NAT-ID of FTD and FMC match: 12345
• Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for
current status
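The checklist on slides 18 through 21 can be applied to captured output offline. The script below is an added example written for this page, not part of the dCloud lab or any Cisco tooling. It parses the text of show managers and the sftunneld lines from pigtail MSGS (both samples are constructed from the formats shown on slides 19 and 20) and reports anything that contradicts the expected setup: the tunnel dialing port 8443, a public FMC address rather than a private one, and the tunnel target matching the configured manager. The regular expression assumes the "Initiating IPv4 connection to <ip>:<port>/tcp" line form shown above; other releases may word this differently.

```python
"""Offline consistency check for FTD-to-FMC registration (added example).

Reads saved `show managers` output and `sudo pigtail MSGS` lines and
applies the troubleshooting checklist from the lab: management port
8443, public FMC address, and sftunneld dialing the configured manager.
An empty findings list means the visible state is consistent; it does
not prove registration completed (that is the Registration field).
"""
import ipaddress
import re

EXPECTED_PORT = 8443  # the lab changes the FTD management-port to 8443

# Constructed sample in the format `show managers` prints on the FTD CLI.
SHOW_MANAGERS_SAMPLE = """\
> show managers
Host                      : 64.100.11.49
Registration Key          : ***
Registration              : Pending
RPC Status                :
>
"""

# Constructed sample of pigtail MSGS lines; the IP differs from the one
# in `show managers` on purpose, to exercise the mismatch check.
PIGTAIL_SAMPLE = """\
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
"""

# "Registration Key" must precede "Registration" so the longer label wins.
_KV_RE = re.compile(
    r"^\s*(Host|Registration Key|Registration|RPC Status)\s*:\s*(.*?)\s*$")
# Assumed line form: "... sftunneld:sf_ssl [INFO] Initiating IPv4 connection to <ip>:<port>/tcp"
_CONNECT_RE = re.compile(
    r"sftunneld:sf_ssl .*?connection to (\d{1,3}(?:\.\d{1,3}){3}):(\d+)/tcp")


def parse_show_managers(text):
    """Return the labelled fields of `show managers` as a dict (values may be '')."""
    fields = {}
    for line in text.splitlines():
        m = _KV_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def parse_sftunnel_targets(text):
    """Return (ip, port) pairs that sftunneld reports dialing."""
    return [(m.group(1), int(m.group(2))) for m in _CONNECT_RE.finditer(text)]


def check_registration(show_managers_text, pigtail_text, expected_port=EXPECTED_PORT):
    """Apply the checklist; return (registration_status, list_of_findings)."""
    mgr = parse_show_managers(show_managers_text)
    findings = []
    host = mgr.get("Host", "")
    status = mgr.get("Registration", "") or "unknown"

    if not host:
        findings.append("no manager configured: run 'configure manager add <FMC IP> <key> <nat-id>'")
        return status, findings

    if host.upper() == "DONTRESOLVE":
        # FTD cannot reach the FMC directly; the FMC initiates using the nat-id.
        findings.append("Host is DONTRESOLVE: the FMC must initiate; confirm the nat-id matches on the FMC")
    else:
        try:
            fmc_ip = ipaddress.ip_address(host)
        except ValueError:
            fmc_ip = None  # a hostname; nothing to check offline
        # Private covers RFC1918 and the 198.18.0.0/15 range dCloud uses internally.
        if fmc_ip is not None and fmc_ip.is_private:
            findings.append(f"FMC host {host} is a private address; use the FMC's Public Address")

    targets = parse_sftunnel_targets(pigtail_text)
    if not targets:
        findings.append("no sftunneld connection attempts in pigtail MSGS yet; wait and re-run pigtail")
    for ip, port in targets:
        if port != expected_port:
            findings.append(f"sftunneld is dialing port {port}, expected {expected_port}: "
                            f"re-run 'configure network management-port {expected_port}'")
        if host.upper() != "DONTRESOLVE" and ip != host:
            findings.append(f"sftunneld is dialing {ip} but the configured manager is {host}: "
                            "'configure manager delete' and re-add with the correct IP")
    return status, findings


if __name__ == "__main__":
    state, problems = check_registration(SHOW_MANAGERS_SAMPLE, PIGTAIL_SAMPLE)
    print(f"Registration: {state}")
    for p in problems:
        print(f" - {p}")
```

On a real engagement, paste the output of show managers into one file and the pigtail capture into another and call check_registration with their contents; a "Pending" status with no findings usually just needs more time, as slide 21 says, while a mismatch or private-address finding means the manager must be deleted and re-added.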
23. Object Management: Edit HOME_NET Variable
• Browse to Objects > Object Management
• Select Variable Set on the left hand side
• Select to edit the Default-Set
25. Object Management
• Click to create a new
Network Object
• Provide a Name, e.g. HOME_NET
• Enter Network information that matches the customer
environment, for this lab use the network listed to the right.
192.168.0.0/16
• Click Save
• From the list of Available Networks, select your new
HOME_NET object and click the include button
• Remove any pre-existing included networks so that only
HOME_NET is listed.
• Click Save, Save, Yes.
26. Object Management: Edit Network Discovery
Policy
• Browse to Policies > Network Discovery
• Select to delete the IPv4-Private-All-RFC1918
• Click Yes to confirm
27. Object Management: Edit Network Discovery
Policy
• Select to Add a New Rule
• Select the Users checkbox
• Add the newly created HOME_NET variable to the Available Networks
• Click Save
29. Configure Passive Interface
• Navigate to Devices > Device Management
• Select the pencil icon to Edit Device
30. Configure Passive Interface
• A passive interface needs to be configured for the FTD to accept traffic from
the SPAN port or tap on the customer network
• Select the pencil icon next to GigabitEthernet0/2
• The Experimental Light theme may move the pencil icons from the right side to the left side and clear out the table.
In that case click the second-from-bottom interface and verify it shows GigabitEthernet0/2 when viewing.
31. Configure Passive Interface
• Check the Enabled box
• Set the interface Mode to Passive
• Define a new Security Zone
named Passive and select it
• Click OK, OK, then Save (in the
upper right corner)
32. Configure Passive Interface
• Click the Deploy button at top right to push the interface configuration to the FTD
• Select the checkbox by your FTD device
• Click Deploy
33. Deployment Status
• View the status of deployment by clicking the green checkmark, it
will change to a blue color and should show the deployments
progress
34. Deployment Status
• At a customer site, the interface status for the passive interface should
turn green when the deployment completes.
• In the dCloud lab, the status is not updated until you change to another
parent tab and come back to the device interface settings.
35. Confirm Traffic Flow to NGIPS
• Browse to Analysis > Connections > Events
• If events are not populating, verify that interfaces are connected, enabled,
and the SPAN port or tap is functional.
37. Risk Reports
• Integrated into the FMC with 6.2 or later
• For a real-world POV, wait at least 1 week after verifying incoming
connections before generating these risk reports. For this lab, wait 5 to
15 minutes for demo data to populate.
• Browse to Overview > Reporting, then select Report Templates
• Generate:
• Advanced Malware
• Attacks, and
• Network Risk Reports
38. Risk Reports
• Generate the Advanced Malware, Attacks, and Network Risk Reports
• Download and save the reports and send them to the Instructor for Proof of
Performance
Editor's notes
Changed Cisco Firepower Management Center 6.2 Proof of Value v1 to v1.1
Updated to v1.1
Updated to v1.1
If you click Remote Desktop in the previous slide you get a new tab in the browser and you are taken straight into the desktop.
Updated slide 11 screenshot to reflect the 6.2.2 version
Updated slide 12 to reflect the change in order of the commands, to minimize the bug where the management-port is changed by the next manager add command. Also updated the screenshot to reflect the new ordering.
Updated to v1.1
Updated to v1.1
Updated the Add Device screenshot, as I did not see the VPN check box listed in my lab but it was on the screenshot before.
Don’t forget to sanitize appliances after the POV engagement.
Added "send report to Proctor for Proof of Performance" to the slide.
Don’t forget to sanitize appliances after the POV engagement.