Fire Jumper Program
GSSO Channel Engineering
Network Security POV Lab
• Logging into one lab
• Cisco Firepower 6.x Proof of Value v1.x
• Note: This lab can also be used for customer POVs; just add the FTD
device at the customer location instead of the one in this lab.
• Lab: Adding NGFWv (FTD) to FMCv in dCloud
• You will be Saving (3) Risk Reports
• Refer to the lab guides in the resource section of each lab for the
most up-to-date information
Lab Explanation
dCloud
Proof of Value
FTD Lab
Scheduling labs in dCloud
• Check the box next to dCloud
• Browse to https://dcloud.cisco.com
• Select Catalog
• Select Login
• Log in with CCO ID
• In the search bar type in Firepower
• Click Schedule
• Select the Cisco Firepower 6.x Proof of Value v1.x
Scheduling labs in dCloud
• Click Schedule a Single Session
• Fill out all mandatory fields on next screen
• Select the date and time
• Click Next
• Click Schedule
dCloud Firepower Proof of Value Lab
• Select My Hub from the toolbar
• Browse to https://dcloud.cisco.com
• Select the Region provided by the instructor
• Select Login
• Log in with CCO ID
You will see multiple labs, view the Proof of Value lab
Cisco Firepower 6.x Proof of Value v1.x
Capture Relevant Owner and Session ID
• The Dashboard will reflect scheduled sessions
• Select View for the
Cisco Firepower 6.x Proof of Value v1.x
• Select Details
• Note the Owner and Session ID information
• Owner with ‘@’ symbol is not supported
• If ‘@’ is present, use dcloud instead for username
• The password is the Session ID
Cisco Firepower 6.x Proof of Value v1.x
Capture relevant Public Address
• Select Details to view Session Details
• Scroll down and note the Public Address
• The Public Address will be used for the FTD
device in the coming steps.
• The Public Address can also be used to reach
the FMC directly without VPN or Remote Desktop
Cisco Firepower Proof of Value lab
Connect to Active Directory
• Return to the network topology view
• Select the jumper Windows machine and note the
IP Address and Credentials if using VPN
• Click on Remote Desktop
Cisco Firepower Proof of Value lab
Connect to Active Directory
• Click on Remote Desktop
• Authenticate with
• Username: dcloudadministrator
• Password: C1sco12345
*Note: sometimes you will go right to the
desktop without having to log in
Cisco Firepower Proof of Value lab
Access Putty
• Select PuTTY on the desktop
• Double click the FTD session or
single click the FTD session and
click Open
Cisco Firepower Proof of Value Lab
SSH to NGIPS
• Authenticate with
• Username: admin
• Password: C1sco12345
> configure network management-port 8443
Management port changed to 8443.
> configure manager add <FMC IP> <Registration Key> <nat-id>
Manager successfully configured.
Cisco Firepower Proof of Value Lab v1.x
Configure NGIPS via CLI
• Configure FMC IP as Public Address
from dCloud session details-Slide 8
• Change the management-port to 8443
• Use a registration key of C1sco12345
and a nat-id of 12345
• Use number row on your keyboard above the
letters, not the 10key on the right.
• If you typo the manager info, type “configure
manager delete” and re-do the add line
Cisco Firepower 6.x Proof of Value Lab v1.x
Login to the FMC
• In the Cisco Firepower 6.x Proof of Value v1.x
Return to your PC and open a browser
• Using HTTPS, connect to the FMC Public Address from dCloud session details noted in slide 8
• Log in using Owner for the FMC username and Session ID for the password
When logging into FMC you may see this error
Click Advanced
Add Exception
Cisco Firepower 6.x Proof of Value v1.x
Add the FTD device to the FMC
• Navigate to Devices > Device Management
• Select Add > Add Device
Cisco Firepower 6.x Proof of Value v1.x
Connect FTD to FMC
• Use the Host of 198.18.133.11, Registration Key of C1sco12345
• If using an external FTD device at a customer location, set the Host to be DONTRESOLVE
• Group: None
• Access Control Policy: Cisco POV Access Control Policy
• Select the Protection, Control, Malware, and URL Filtering Licenses
• Expand the Advanced Settings and enter a Unique NAT ID of 12345
• Click Register (it may take about 5 minutes to register)
Cisco Firepower Proof of Value Lab v1.x
Verify Connectivity FTD to FMC Connection
• Go to the FTD PuTTY window on the jumper remote desktop
• Use show managers from FTD CLI to confirm FMC IP address and view status
• Once complete, you will not come back to this remote desktop.
• Everything from here forward is done in the FMC.
Troubleshooting Steps
FTD to FMC Connection
• Use show managers from FTD CLI to confirm FMC IP address and view status
• Ensure registration key and unique NAT-ID match with FMC
• “configure manager delete” will remove the manager on the FTD device in the “Connection
Lab” if you need to fix the IP, Registration Key, or Unique NAT ID.
> show managers
Host : 64.100.11.49
Registration Key : ***
Registration : Pending
RPC Status :
>
Troubleshooting Steps
FTD to FMC Connection
• Enter expert mode
• Use sudo pigtail MSGS to review debugging information
> expert
admin@ftd5506:~$ sudo pigtail MSGS
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[…]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216 (via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6): 64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
Confirm:
• FTD management-port is 8443
• Registration Key of FTD and FMC match: C1sco12345
• Unique NAT-ID of FTD and FMC match: 12345
• Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for
current status
Troubleshooting Steps
FTD to FMC Connection
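The checks from the Confirm list above, run over captured CLI output, as an added example that is not part of the original slides or of Cisco's tooling. The sample text is constructed from the output shown on the slides, and the function names and the expected FMC address passed in are assumptions. The registration key and NAT ID are not checked because `show managers` masks the key.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, modelled on the `show managers` output in the slides.
SHOW_MANAGERS = """\
> show managers
Host : 64.100.11.49
Registration Key : ***
Registration : Pending
RPC Status :
>
"""

# Constructed sample, modelled on the pigtail MSGS lines in the slides.
# The second entry is wrapped mid-line, as pasted terminal captures often are.
PIGTAIL = """\
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to
64.100.11.216:8443/tcp
"""

TARGET_RE = re.compile(
    r"sftunneld:\S+ \[\w+\] Initiating IPv4 connection to\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)/tcp")


def parse_show_managers(text):
    """Return the 'Key : value' fields of `show managers` as a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, the CLI prompt and the echoed command.
        if not line or line.startswith(">") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_tunnel_targets(log_text):
    """Return sorted (ip, port) pairs that sftunneld tried to connect to."""
    # Re-join continuation lines: a real entry always starts with 'MSGS:'.
    joined = re.sub(r"\n(?!MSGS:)", " ", log_text)
    return sorted({(ip, int(port)) for ip, port in TARGET_RE.findall(joined)})


def check_registration(show_text, log_text, fmc_ip, mgmt_port=8443):
    """Compare captured output with the expected FMC address and port."""
    findings = []
    mgr = parse_show_managers(show_text)
    host = mgr.get("Host", "")

    if host != fmc_ip:
        findings.append(f"manager host {host or '<none>'} is not the "
                        f"expected FMC address {fmc_ip}")
    try:
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in RFC1918):
            findings.append(f"manager host {host} is RFC1918 private; "
                            "the lab calls for the FMC Public Address")
    except ValueError:
        findings.append(f"manager host {host or '<none>'} is not an IP address")

    if mgr.get("Registration", "").lower() == "pending":
        findings.append("registration is still Pending")

    targets = parse_tunnel_targets(log_text)
    if not targets:
        findings.append("no sftunneld connection attempts in the log")
    for ip, port in targets:
        if ip != fmc_ip:
            findings.append(f"sftunneld is connecting to {ip}, "
                            f"not the expected FMC address {fmc_ip}")
        if port != mgmt_port:
            findings.append(f"sftunneld is using port {port}, "
                            f"expected management-port {mgmt_port}")
    return findings


if __name__ == "__main__":
    for finding in check_registration(SHOW_MANAGERS, PIGTAIL, "64.100.11.49"):
        print("CHECK:", finding)
```

With the constructed samples, the script reports the pending registration and that sftunneld is connecting to a different address than the configured manager host.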
Configuration
Object Management
Object Management: Edit HOME_NET Variable
• Browse to Objects > Object Management
• Select Variable Set on the left hand side
• Select to edit the Default-Set
Object Management: Edit HOME_NET Variable
• Select next to HOME_NET
Object Management
• Click to create a new
Network Object
• Provide a Name i.e. HOME_NET
• Enter Network information that matches the customer
environment; for this lab use 192.168.0.0/16
• Click Save
• From the list of Available Networks, select your new
HOME_NET object and click the include button
• Remove any pre-existing included networks so that only
HOME_NET is listed.
• Click Save, Save, Yes.
Object Management: Edit Network Discovery Policy
• Browse to Policies > Network Discovery
• Select to delete the IPv4-Private-All-RFC1918
• Click Yes to confirm
Object Management: Edit Network Discovery Policy
• Select to Add a New Rule
• Select the Users checkbox
• Add the newly created HOME_NET variable to the Available Networks
• Click Save
Configuration
Configure Passive Interface
• Navigate to Devices > Device Management
• Select to Edit Device
Configure Passive Interface
• A passive interface needs to be configured for the FTD to accept traffic from
the SPAN port or tap on the customer network
• Select next to GigabitEthernet0/2
• The Experimental Light theme may move the pencil icons from the right side to left side and clear out the table.
Go ahead and click the second from the bottom interface and verify it shows GigabitEthernet0/2 when viewing.
Configure Passive Interface
Configure Passive Interface
• Name the Zone Passive
• Check the Enabled box
• Set Interface to Passive Mode
• Define a New Security Zone
named Passive
• Click OK, OK, Click Save (in
upper right corner)
• Click the Deploy button at top right to push interface configuration to FTD
• Select the checkbox by your FTD device
• Click Deploy
Configure Passive Interface
Deployment Status
• View the status of deployment by clicking the green checkmark; it
will change to a blue color and should show the deployment's
progress
Deployment Status
• At a customer site, the interface status for the passive interface should
turn green when the deployment completes.
• In the dCloud lab, the status is not updated until you change to another
parent tab and come back to the device interface settings.
Confirm Traffic Flow to NGIPS
• Browse to Analysis > Connections > Events
• If events are not populating, verify that interfaces are connected, enabled,
and the SPAN port or tap is functional.
Risk Reports
• Integrated into the FMC with 6.2 or later
• For a real world POV, wait at least 1 week after verifying incoming
connections before generating these risk reports. For this lab, wait 5 to
15 minutes for demo data to populate.
• Browse to Overview > Reporting, Select Report Templates
• Generate:
• Advanced Malware
• Attacks, and
• Network Risk Reports
Risk Reports
• Generate Advanced Malware, Attacks, and Network Risk Reports
• Download and Save the reports and send to the Instructor for Proof of
Performance
Risk Reports
Fjbt fy20 ns_ngfw_pov_lab_6_5

Editor's notes

  1. Changed Cisco Firepower Management Center 6.2 Proof of Value v1 to v1.1
  2. Updated to v1.1
  3. Updated to v1.1
  4. If you click remote desktop in the previous slide you get a new tab in the browser and you are right into the desktop.
  5. Updated slide 11 screenshot to reflect 6.2.2 version
  6. Updated slide 12 to reflect the change in order of the commands to minimize the bug related to Management-Port changing on the next Manager add command. Also updated the screenshot to reflect the new ordering.
  7. Updated to v1.1
  8. Updated to v1.1
  9. Updated Add Device Screenshot as I did not see VPN check box listed in my lab but it was on the screenshot before.
  10. Don’t forget to sanitize appliances after POV engagement.
  11. Added send report to Proctor for Proof of performance to the slide. Don’t forget to sanitize appliances after POV engagement.
  12. Thank you.