Cisco Firepower- Initial Device Setup FTD/FMC/FDM

Hey folks, welcome back, this is Joelle, and in this series of videos we'll explore Firepower a little more, right? So, um, there's a bit of content on Firepower, you know, on my channel already, uh, but that was probably, uh, created, uh, I think majority of it was created long back, probably a couple of years back or at least a year back. Uh, I recently put out a video on Firepower, uh, which is how do you install Firepower on EVE and so on. Uh, so think of this as a continuation of that, right, where we will explore some of the interesting features of, uh, you know, Firepower. And in this particular topology, uh, now, right now this topology is probably not very complete, right? I'll be building on this as and when we explore more, more cool features.

So let's start with something very simple, right? This video will be mainly concentrated on getting the initial, you know, device configuration up, right, initial device setup, I would say. So we'll basically get this particular FTD branch over here, and then we'll also get the two FTDs over here, which have kind of configured our intent to configure in kind of HA, high availability, scenario, right? So, and then we also have the FMC, right? So let's, uh, start with the first activity, which is getting this FTD up. So what I'm gonna do is, I've not done anything as of now, right, so it's completely blank. This is my jump host, right? I have a jump host, or basically a management PC, from where I'll be connecting to all the devices.

I think the topology is pretty straightforward, right? So I have the internet here, the green thing is the internet, right, this is the ISP router. Uh, this is one branch, right, so I have a branch here, and then think of this yellow thing, yellow, uh, network, as my campus network, right? So all the campus network, or the enterprise campus network, right, it is using the FTD, um, you know, as an internet edge, right, before going to the internet. And then there is a small branch here, and then there is also like a small remote VPN PC as well, so that someone from the
internet should be able to do VPN into maybe the FTD branch or maybe into the, um, you know, FTDs of the campus, right?

So first things first, uh, remember we have talked about this before: FTD can be managed multiple ways. A couple of them are using the FMC, which is here, and the other one is using the on-box management, uh, which is called FDM, right, Firepower Device Management Manager, I guess, right? So we'll be using FDM for the FTD branch, because it's just one single FTD, right? I really don't have to spin up my FMC for this, I can use the on-box management, uh, console, whereas for, uh, these two FTDs we'll be using the FMC, right?

So let me go and start this guy, right? So let's wait for that to get booted up, right? So, uh, the first time you basically end up getting something like this, right? So you will have your VNC, right, you need to connect to this via the VNC, so let's see. So, uh, right now if you see here, if you, if you hover your mouse on this particular FTD, on the bottom left corner you will basically see the VNC port. So I have just used the VNC connector to kind of go and, uh, connect this guy. So just get rid of that. Yeah, so this is going to happen, this will probably take few minutes. So what I'm going to do right now is, while this is happening, I'm going to pause the video and we'll come back once this is done, and we can proceed with the actual, you know, initial configuration. All right, cool.

All right, so looks like it's come back, which means we are thrown on the login screen over here. We try to increase the size of it if you're not able to see, but that's good. So we will go with the default login, which is going to be admin, and the password is also going to be capital A d m i n, uh, one two three, right, so it's capital A. Okay, sorry, maybe I did not put it. Now let's put that one two three. There you go, so we have logged in. Now it's asking for us to accept the EULA, right? So we have to press enter, right, to the point to the bottom, right, we'd have to go to the bottom and we'd have to accept this, so
let's do that. Quite a lengthy one, this one. So let's go, let's go a little more, I guess. Okay, so in countries, yeah. So now I can type in yes, right? So that's how you accept the EULA. Ah, my bad, so I pressed a little more of yes, I believe, so I'll have to redo that. So let me redo that, give me a second. All right, I think that's good. So it's given me the screen where I have to accept, I will have to type in the new, uh, password, right? So I'm going to go with something simple which I'll remember. All right, so I've put in the new password, so that's the first thing it's going to ask, right?

The next thing, so it's going to ask you one, IPv4 or IPv6, so I'm going to go with IPv4, so it's going to say yes, so I'm going to press that, and then IPv6, right, and I don't want IPv6, so that's good. Then it's going to ask, um, you wanna configure IPv4 manually, I'm gonna say yes, so I'm gonna type manual over there. It's asking for the IP address itself, so I'm gonna go with my IP address, which is, I forgot what is the one we are using here, let's go back and check. So this is the one, right, so we have 192 168 triple 1.30, that's what we are using. So 192 168 triple 1 30, and the mask, the mask I'll be good with this, probably, yeah, so let's go with slash 24. The gateway, the gateway is going to be 192 168 triple 1 dot 1 2 5 4, okay, so that'll be the default gateway. And it's asking for a fully qualified name, so I'm going to go with something like ftd dash branch, you know, maybe dot dot lab dot local, right? So we can use this for, uh, in our DNS resolution later, right? Right now it is not, I haven't turned on my DNS, but, you know, maybe we can do this later, right? So that's fine. Then comma separated list for DNS servers, let's keep it default, I guess. Enter a comma separated search domains, I'm going to keep whatever is empty, not needed.

So now what it is going to do is, as you see that because we have changed the networking configuration, it's going to kind of like refresh it, right? So it will disconnect and reconnect, kind of a situation,
so let's wait for a few seconds for that to happen.

All right, so we are back now. Uh, it's asking me, do you want to manage this device locally? Now this is very important, right, because like I said, we are going to be using FDM to manage this particular device. I'm going to say yes for this one, right? So, and then I think I also pressed another enter, so it has taken the default mode, which is configuring the firewall mode to routed. So because, you know, you know, in a firewall we can have two modes, right, routed and transparent, so, uh, for L3 and L2 functionality. Right now we are using, uh, the routed mode, okay?

All right, all right, so we are good with that, which means technically we should be able to go and reach this particular device from our management PC, which is here. So let's do that, let's do https, right, 192 168 dot triple 1.30. Close that, let's wait. If everything is good here, it's telling successfully performed first boot initial configuration, and all of that is good. So I think we are actually pretty much done from the CLI, right, don't have to do anything much. We just need to wait for the web UI to come up and then we should be good.

All right, so it's going to give you this. I think it's better to get this guy on, uh, let's get him on Firefox, right, Firefox is way better than Chrome. So let's, let me just connect to it, give me a second. All right, that's good. So it's going to obviously give you that self-signed certificate error, but that's fine, you can go to advanced, add the exception, confirm, and I think it should now connect us to our FTD which we want to locally manage. There you go, right? Maybe I can even bookmark this, right, so I'm gonna say FTD branch, sorry, FDM for branch. There you go, that's good, cool. Now let's go with the default username, which is admin, and my password which I just now changed, I believe it should take that. So there you go, it's trying to log me in. This is, if you guys have not seen the UI before, this is how it looks, right, pretty straightforward. And I would suggest if
you have just one single, uh, FTD and you, um, you know, and you're trying to manage it, uh, you know, FDM is a decent approach for doing it, right? You really don't want to have a FMC, you know, just for one FTD. So if you're like a small office, right, SOHO kind of a situation, right, uh, small office home office kind of a situation where you have probably one FTD, then better to go with this particular approach, right?

All right, all right, so what do we do next? So it's asking me for device, uh, you know, uh, setup here, so I'm gonna just click skip for now, uh, because, you know, we would want to do it separately, right? Uh, so what I'm gonna do is, so it's also asking me, do you wanna, uh, if you skip the you'll configure you cannot restart the device, I want to continue and skip this, please. Okay, so we have to enable the 90-day evaluation period, the license, as I'm gonna say confirm, right? So let's wait for that to go in. All right, so looks like that is done, right, the device initialization is done. You can see your basic stuff appearing here, right, you've got the ports being shown here and all of that.

The first thing we want to do is, we want to probably go and configure our interfaces, right? Let's quickly have a look at our topology here. We've got the gigabit zero slash zero kind of on the outside, right, and the gigabit zero slash one kind of on the inside, right? So let's see what do we do about that. So we will go down to the interface, so, you know, to configure interface you can click on this over here, and there you go, it will start showing you the interfaces, 0 0, 0 one, right, these are our interfaces which you wanna configure. So what we'll do now is, let's, uh, we'll have to hover, right, you see this pencil mark, so let's click on that guy, and yeah, so it will take a bit of time. There you go, so we've got the outside interface already defined. The name is there, like it has already picked up, I have not configured this anywhere before, but it has already picked up that particular name for that interface, which is fine, we
are happy with that. Uh, what we'll do is, um, we will say don't go for DHCP, rather let's go for static, right, and let's put the IP address, which is going to be 192. uh 51, right, dot, I believe, 100.1, so that's going to be our address, and obviously the mask, we can go with 24, I believe. Let's double check, yes, that is 24. So that's good, right? Uh, and we're gonna say okay, right? So that's about configuring the outside interface, I believe.

Let's see what else do we do. We'll have to do a bit of routing, let's do a bit of routing, probably put in a static route. Let's wait for this, right? So there you go, so we've put in the gigabit zero slash zero. Uh, the zero slash one, for now let's park it, we are not gonna do it in this video, probably let's do it later. Uh, that being said, let's go back to device summary, right, that's how you go back to your default home screen, that's your device summary. And what you want to do, we want to do routing, so let's go there. Currently you see there are no routes, so we'll say we'll add about here, right, you can either click here or you can say static route, anywhere you can do it. I'm going to say over here, and the name, the name, okay, so, uh, what do we give, do we really need a name? That's interesting, had not seen that before, maybe that's a new thing. Uh, anyway, so we'll give it a name, probably let's call it static towards ISP, right, so we'll say static towards ISP, the ISP router. It's going to be an IPv4, so that's good, and the interface is clearly going to be an outside interface, so that's gigabit zero slash zero, right, IPv4, and we'll have to put in, um, kind of like a network over here, right?

So, uh, did I select the right thing? Maybe let me try to do this again, because this is completely different, looks different. So let's try this button. Hmm, that's interesting, looks like they have kind of changed the view a bit. Anyway, so yeah, let's do this. So the name is going to be static, and it's going to be ISP, uh, probably this. The interface is not mandatory, right? So anyway, so, uh, we'll see
um, uh, the gateway over here, right? So in the gateway we should be able to select the network. So right now we don't have a network object, so we're gonna click on that, right? So here we can create a network object, and I'm going to create a network object for the ISP router, which is a host, and what is the address? 190, uh, is it 192 or 198. for what, so it is 188, okay, maybe I made a mistake with the other one then, I have to fix that. Anyway, so it's gonna be 198 dots, uh, 51.100, it's 102. All right, so that's your host, I'm gonna put an okay over here, right? So that's the gateway, right, which we'll select obviously over here. And so metric, let's keep it as is. Networks, networks, networks, so the gateway is done, so we'll have to select the networks. So the network will be any IPv4, so, right, so we're basically saying for anything, basically go down to, you know, ISP router, sweet. The SLA and all we can skip. Let's, so you have to select the interface, that's interesting, it wasn't that before. Anyway, so we'll select the outside interface over here, and I think that should be good, right?

Let me quickly also go and fix the IP address over here, so that's important. So what we'll do is, let's go back to the device summary, I think, let's go to the interfaces, and over here, see, I need to change this. So let's click on this edit button, I need to change that 192 to 198.
I made a mistake over there. All right, so that's good, so we're going to save that. So I think we are good with both the things, we have done the interfaces, we have done the routing, right? Time to deploy, so let's go and deploy. So that's how you deploy, right, similar to how you deploy it on FMC, you can deploy it over here as well. So it's going to tell you what, what we are going to be doing, you can see, pretty cool stuff, right? So that's, that's good. Okay, so that's good, so what we'll do is we'll click on deploy here. So the job was added to the queue, and we will say okay, I believe, right? So now it's going to be just to be deployed, so you can see the, you can see it's going to be deployed soon, so it takes a few minutes to complete. Let's go to the deployment history to see what is deployed. Right now nothing, it's not completed, but yeah, so we'll have to wait, I believe. Let's see, so it's in progress. Meanwhile let me quickly, uh, pause the video and check if my, uh, so I've gotten, I also have the two FTDs and FMC is turned on, so let's see what's the progress with those. So I'm gonna pause the video and check that, give me a second.

All right, so this is how it looks once the configuration has been pushed, right, and deployed. So I can click on OK here, and now we can probably go back to the device, and you can see here, if I run something like, uh, show interface ip brief, if I'm not wrong, okay, ip brief, so there you go, right, whatever we configured just now, the IP addresses, right, the outside interface and bunch of things which we did, you can see here being reflected, right? So, and now you can use basically this FDM to manage this particular, you can do monitoring, you can do policies and everything what you would do on FMC, something very similar to that you could do here as well, right? And you can see all the cool stuff, all the metrics are all visible here, right? So this is how you use FDM. You, so FDM is basically bundled on box, it's like on-box management center, and you can use this if you're kind of like
managing one single FTD, right?

Now I'm going to pause the video and wait for my rest of the FTDs and FMCs to come up, right, and so that we can kind of do the initial setup on those two guys as well and onboard them to the FMC, right? So I'll be back in a minute.

All right, so my FMC is not up yet, but my two FTDs are up, so I think we can do, we can start with the configuration of these guys and then wait for the FMC to come up. So let's start with the Admin123, right? Let's do the same thing on the other guy as well, so that we don't waste time, right? So the next is, it's gonna ask for the EULA, right, I have to accept the EULA. So there you go, this guy has given it, so let's go, let's just press on the enter key over here until it goes to the complete bottom. The right hand side is my FTD HA2, right, the second FTD, whereas on the, on the left hand side is my HA1. So technically you will have to read through this, but since it's my, since I'm doing it on a lab and I really know what it is, so we are good. It's going to ask me for a new password now, there you go, so I'm going to use my sweet, so that's good. Meanwhile I can go and accept the EULA for this guy as well.

Uh, also I'm running kind of like the latest version, as you see there, I'm running 6.6.1, right, just to give you a glimpse, that, uh, I think they have also released 6.7, but this is like the recommended release, so if you're going for production, probably better to use this particular release.

All right, so let's start with the configuration maybe, or maybe let's do it, enter the new password and again. All right, so let's start with the left one. So it's asking me to configure IPv4, yes, IPv6, no, perfect. And what will be the, uh, so we'll have to put in, uh, DHCP, okay, so we'll go with manual obviously. And what will be the IP address here? It's 192 168 dot triple 1 and dot 10, I believe, so this is going to be the dot 10 and the other one is going to be dot 11, right? So the mask is fine, the default gateway is 192 168 dot triple one dot, uh, two
five four, the one which we used earlier, it's basically my router. Qualified name, okay, so let's use something like ftd dash ha one, uh, dot lab dot local, right, that's what looks good, and, uh, let's keep the rest of the stuff default, okay?

And let's go on the right hand side now. Do you wanna configure IPv4, yes, IPv6, no, manual, right? It's asking for the management IP, 192 168, uh, dot triple one, we'll go with dot 11 here, and mask is fine. Management, okay, gateway, gateway is 192 168 triple 1.254. Qualified name, we'll go with ftd dash ha2, right, dot lab dot local, right? So that looks good, I guess, yeah, uh, FTD-HA2 dot, yeah, that's good. And keep this default, keep this default, yeah.

So while that happens, let's quickly go and do this one. So here we will not be managing the device locally, rather we'll be using FMC, so I'm going to say manage device locally, no, right? So that's good. Next it should ask me for the firewall mode, do I want to run it in which one, routed mode or transparent mode, right? So okay, so let's do the same thing here, do you wanna manage device locally, it's gonna be a no. Okay, so let's wait for the next instruction to appear. Again, if you're probably running it on a very powerful machine, powerful server, probably it's going to be even more faster. So yeah, make sure that you have enough resources, because these are all heavy nodes, right, I think that needs close to 8 GB of RAM for each of the, each of these devices, so yeah, make sure you got enough amount of RAM and enough amount of, uh, you know, device memory on it.

So it's asking for the routed mode, so I'm gonna say yes, I wanna go with the routed mode here. So now it will do a bit of configuration, probably takes a bit of time. Meanwhile let's see on the right hand side, are we good? Probably we'll have to wait a little more, I guess. All right, let's do the right side one as well, routed mode, good. So now let's wait for my FMC to come up, because, you know, uh, uh, once, um, or maybe we can actually do the, once these, this process is completed, we can actually
go about adding my, uh, FMC, uh, sorry, to, uh, adding my FTD, right, to the FMC from the, from this side, right? We'll have to do the same thing on the FMC side as well, but from the FTD side we can like finish up that config as well. So let's wait for this process to finish.

All right, so looks like the guys have come up, so let's first go and configure this. So we're gonna say configure, uh, manager, right, manager is nothing but my FMC, so that's a command, configure manager add address, and the address is 192.168. triple 1 dot, I think we'll go with 20, right? So that will be the IP address of my FMC, which I haven't configured yet, but I will have to do it. I'm gonna say cisco123, right? Looks good, I think, yeah, I'm happy, so I'm gonna go with that. And the other side as well, so I'm gonna say configure, uh, manager, right, let's add, and it's gonna be the same thing, 192 168 dot triple one, right, uh, dot 20, and cisco one two three. Figure address ones, and yep, there you go, so that's done, so that's good.

It's like my FMC is up. So the first thing you gotta do is, you log into FMC, it is using the same admin and the password, you get into the expert console, and here you can hit the initial script, which is to configure your network, so we'll say configure network, I guess, yeah. And it's asking for me for a password, so we trust you and all of that, okay, so let's go with, uh, right, so let's put in the password. Okay, so it's asking for IPv4, yes, uh, management IP is 192 168 1.20, management mask is going to be correct, default gateway 192 168 1.254, the settings correct, yes. You want to configure IPv6, no. So let's wait for that to complete, right? So it's going to update the configuration.

All right, so looks like it has come up, and we are good to go to our browser here, and let's say https, okay, so that's going to be our 190, sorry, 92, but this time let's change this to 20, right? So there you go, you're gonna say advanced, you're gonna accept the exception, confirm. Okay, so let's login with the default password. I believe it asks me to
change the password now, because unlike FTD, for FMC you have to log in and then change the password, so yeah, we should probably get something here. That's a fine view. Yeah, there you go, so the new password gotta have eight characters, at least one lower, one up, uh, one upper, one digit, one special character, no more than two, passwords match, okay, got it. So, I don't know, let's go with, uh, something like this maybe. Let me fix that, let me change a bit, I'm gonna forget the password, so. All right, so that's good, so let's change this guy. Sweet, so looks good, let's say next. Probably gonna show me the EULA over here, so that's good, so I'm gonna say accept.

And these are all the settings which we did. The fully qualified name, I can go with fmc.lab.local, right? The rest of the stuff looks good. NTP, NTP, NTP, so I do want to change NTP, probably maybe at a later stage. For now, okay, it's not even reachable, so let me try to fix that, give me a second. Let's see, actually let's go ahead, if, if we get into trouble, maybe we can change, maybe we can create an NTP server in our topology and use it, right? For now I'm happy with this, so I'm going to say finish up here, so that we get the fine FMC GUI, so that we can add our two devices, right? So let's do that.

All right, so it's gonna drop you here, and we, let's go and, excuse me, let's go and enable our, you know, evaluation license here. Also you see the, um, uh, the view here, right, uh, this is kind of like the light theme, I guess, not a big fan of it personally. I really like my FMC the classic theme, right, so I'm probably going to switch to that, but if you are interested with this one, then you can probably check that out. I'm going to switch back to the classic theme, because that's what I have used over the years and something which I'm very comfortable with, right? So there you go.

Let's go and do some fun stuff, which is go down to devices, because that's where we'll have to add our devices now. So there you go, we have in the devices page, and here let's add our, um, you know, devices,
the two FTD. So let's say add device, and the host, what's the host, it's 192 168 dot triple 1.10, right? The display name is, I know, maybe something ftd.ha1, I guess. Okay, my bad, sorry, that should go here, my bad. Okay, so that's good. And the registration key, remember we use cisco one two three. Uh, the group is none, right? There is no policy as of now, so let's create a new policy, right, let's call this something like FTD initial, uh, policy. Obviously we'll change this later, but for now you need to have something at least. So I'm gonna, I know, I'm not gonna block all traffic, I'm going to go to probably something like intrusion prevention, right? I'm going to save that, that's a default action, it's not blocking, so that, you know, we, we can test some things and stuff later, maybe in the next set of videos, that's why I'm not blocking all the traffic. So that's good, and let's enable all the stuff here, one, two, three, let's keep that, and let's go.

So now what it's going to do is, it's going to try to register the device. Remember we have the two devices here, which is FTD, you know, one and two, right, so there you go, this is one and this is two, and we have kind of put the manager, uh, command here, so which means we are good to register this one here, right? So in few seconds that should work, so I'm going to pause the video and come back once it is done. You can see on the right hand side the registration has started, to take a minute or so for the registration to complete.

All right, so the dialog box is gone, but it's still registering, you see here, it's still happening, right, which means, but then what I'm gonna do is, I'm gonna go ahead and add my other device as well, so that in the background, you know, this also completes, right? So, uh, let's see what's the, give me a second. Yeah, for HA2, let's go with the host, which is 192 168 triple 1.20, I believe, or sorry, triple 1.11, and the display name is gonna be obviously ftd dot, sorry, dash HA and two, where the registration key is gonna be cisco, cisco123, right, and let's go
and enable these guys, and we are good, so let's click on register. So I'll come back, let's pause the video and come back when both the guys are registered.

All right guys, there we go, looks like it is completed. You can see both the FTDs are showing in green color, right, which means both, both the devices were discovered and they were added to the FMC, right?

So in this particular video we will pause here, or we'll stop here, because I don't want to overburden with a lot of content. We'll come back with the, you know, more videos on the series, but what we did, just to summarize, was that we checked out how to locally, uh, you know, use the FDM, right, which was the first one which we tried here, right, that was this one, the Firefox device, uh, sorry, the Firepower Device Manager, to manually, to manage the device locally, right? And the second approach, which we used for the campus FTDs, was by, you know, trying to see, uh, trying to add the devices to FMC and manage the devices via FMC, right? So here you go, that's what we have done. Um, just wanted to keep it very simple in the first video, but, uh, keep watching, or keep checking out the space or this particular channel, and we'll obviously be doing much more cooler stuff with the topology in the coming days, right? Uh, thanks a lot guys, have a good one.
Info
Channel: BitsPlease
Views: 10,527
Keywords: cisco, firepower, FTD, FMC, FDM
Id: 0ltI4uN5_3Q
Length: 35min 16sec (2116 seconds)
Published: Fri Nov 27 2020