How to configure the Cisco FMC: Cisco Firepower 6.2.3 FMC Licensing and System Configuration

Captions
Hi, my name is Todd Lammle, and in this section we're going to continue on with the configuration of our Firepower Management Center. Let's take a look at the tasks we're about to do. So when I'm going in, well, I usually call them and say, hey man, install your FMC. We're not talking rocket science here; I think you guys saw that, right? The second thing I have them do before I come in is install the license. Install the license, okay, so we're gonna do that next. So what I'm going to show you is what I do when I work at a customer, which I've been doing for years; what I will have them do. I'm gonna go step by step by step by step, and this includes the policies, everything I do at a real-life customer. None of this is just fluff in a class to show you features; I'm gonna show you what it is in the real world, what I do every day.

So let's take a look at our FMC that we just installed. We went to that splash screen; now there's no configuration on here except for the IP address. Now in this case here we can come up here and look: we have to be HTTPS, we only listen on port 443 and 22. I put the IP address in, it comes to this Status page, but we need to configure this first. Now on the left-hand side is our day-to-day activities, right? This is where we configure our policies, this is where we do analysis of our policies, so this is our day to day. And over here is where we deploy our policies out to our devices, we see our tasks and the status of them, and our health. And then here, though, is where we configure our FMC, so we're gonna start here.

The first thing I want to do here is, as I mentioned, licensing. We'll take a look at classic, although we won't use them because I'm only gonna do FTD here; I'm not gonna do ASA with Firepower or Meraki Firepower or anything like that. So notice, notice I have no licenses here. There is a FMC; this is kind of our, what used to be called, FireSIGHT licensing of hosts and users in our database, but now it's called Firepower discovery. We'll get back to that. So we could do classic licenses, and the thing you guys need here, though, hold on, you need this, not this number here that looks like a MAC address, seven bytes. But if I look at this, I'm gonna copy this and it'll say get license, and I'll go out and I'll be able to download it. This could be frustrating, though, and it could take some time, which is why I have my customers do it before I come out. In this case here, though, I've got a license for my FTD, you've got a token, so one of the things I'm gonna do is smart license. And nicely there's a 90-day, 45-day I think it is, evaluation mode. Now the problem with this, and there's one, is this is to try features, and then you can just do it again and keep doing it; however, we don't get exportable features, so remote access is not available. So we absolutely want to register using the token, so I'm gonna click register here. Now this is new with 6.2.3, okay, this Cisco Success Network, whatever; I'm not gonna do it, you know, knock yourself out, but that's, that's brand new. But I need to get my token to put in here that gives me my license and my features.

So I'm gonna come here, I'm gonna open a new tab and go to my licensing. I'm ready to go here, guys, alright. So anyways, you come out to software.cisco.com and then log in; I'll see my cached login here, and just let me know if you guys need the password for that, haha, just kidding. Anyways, and then we're gonna come over here to Smart Software Licensing, and then this isn't always easy to find either, right? And first off, they've been changing this lately, in the past, especially the last couple of years. So I'm gonna come over here and hit Inventory; hopefully they've kind of mellowed out and stopped changing things all the time. And then we'll see some stuff based on the licenses I have; some in here, here's, here's one here that I was using. Basically this was a demo token that I happen to not be using anymore, so I'm gonna go ahead and revoke it from that FMC. Revoke token. Forget my tokens; if not, you get all these, these warnings, hey. But I'm just gonna say new token, perfect. Now this is a demo token based on my CCO licensing, and I can get it up to 365 days, and if you're just in a lab or something, that's what it's for. So, where's FMC 19? I'm gonna go ahead and create this token. Now there is a caveat to this, and we'll get to the health policies; I'll show you what you have to do if you're using this token. There's my new token, and I'm gonna click on this and I'm gonna right-click. Now you can Control-C at times; it's not on mine here. I'm going to Control-C; there's the token, very nice, pretty simple once you find the page. I'm gonna come back over here and paste it in, and now I have my token. Now if you bought it, then your token should be there already. So again, this can be frustrating at times; I find this is a problem for my customers a lot, but it's not gonna be for us today. The one thing we'll see before the end of this section is my health. My health, it says, hey man, you've got perfect health for now, right? I've got an FMC with no config, but the minute I put this token on there it's gonna say you're out of compliance because you haven't paid for it; it's a demo license, but whatever. Anyways, so there's my license. So that's the first thing we're gonna do.

Now what's the next thing? So install the license, and we'll spend more time on that after everything, when my device is in. Now I want to configure my system config. Now I'm writing this down, I'll just keep writing here. I'm writing this down because, again, as I'll mention, this is exactly what I do at every customer, and when we get to our ACP and everything else I'll show you all the basic rules, the foundation that I build. So once we've got our license, now these say zero; that doesn't mean you don't have any, that means you have no devices. This demo license, the virtual FMC, can have up to 25 devices in here, right? So that's how much a virtual can take. I'm looking good right now. Now if something happens, I download something and it doesn't show up, I can just click this and talk to the license server again; we need to talk to it.

Now on here, we're gonna get back to our health policies and health monitor, but we want to do our configuration. We'll create users, we'll do domains; integration is important to us with our AD and our ISE with pxGrid, and we'll do our updates. Remember in that splash screen it said, hey, you want to do the updates? No, we're gonna do it by hand from here. So I'm gonna start here, though, and this actually takes quite a few minutes to get through, so get some air, okay? Now, you guys ready? So when I come in here I end up on the Information page, and we can change our host name, our fully qualified name. Now the first thing we can do is the access list. Now I've got to tell you guys something: if you've done this with past codes, 5.2, 5.3, 5.4, right, I've been going for a long time, anything in the 6 code, it took a long time to do these screens; you'd have to sit here, and since 6.2.3 it's much faster, much faster, so I can get through this section. So we can add rules here. Now the one thing I want to show you is who can come in; notice we only listen on SSH, HTTPS, this will say 22 and 443, alright, and this is 161. I can go ahead and put an SNMP management station in, but since I don't have it configured yet, it won't take it here; we'll come back to this. So if I cancel this, what you guys really want to do here is maybe delete these, and what this does is, you can put in a host that says, hey, who can get into this FMC. But be careful, you can lock yourself, lock yourself out; as soon as you say save, man, you might reinstall from a backup or do a new install of FMC, but you're gonna be locked out. Now I had a customer that did that; they called Cisco, they went into the console and did something, got it fixed, though it might take a couple hours, so be careful. We'll come back to this after I do my SNMP configuration.

So I'm gonna come here to Process. Now I don't do this with a virtual FMC, I will not do this; what I'm gonna do here is, if I have a hardware one, I would do a shutdown. Remember, you can't turn it on from here; you can shut it down. I can reboot it, restart the FMC, but if I'm in a virtual one I would do that from vCenter, but if I have my 2500 or 4500, then there you go. Now the audit log is interesting, and I try to get all my customers to do this, and all my students too; I obviously do quite a few classes. But what this has to do with is, for this here I want to show you something, a quick trick here: I'm always opening things in new tabs. You learn that relatively quickly when you're doing this FMC, although it's much faster now, so if you guys have seen the past and you're watching this for the first time you're like, holy crap, that's fast; it is. But notice what's happening here: if this was Bob and he was an admin, he says, oh my gosh, I just brought down the entire network, well, um, I'm just gonna delete this, and you know, it's happy hour, so, I deleted that, I'm good, I'm not gonna get fired now, so it's gone. Alright, so what you want to do is, you have some basic audits now; if you only have one or two admins this may not be that important to you, but if you have a few, what we want to do is send this to a secure audit log. So I'm gonna send this to a syslog, and I have one, and I'm gonna say the facility. Now this isn't a syslog class, so I'm not gonna talk about these, so you have to choose that. The tag is vendor information, so I can add that; the rest of this I'll leave, and then you hit save. On every one, on every one of these screens you're gonna hit save, and by the way, it immediately takes effect; that's why if you did the access list, put it in wrong and hit save, it immediately took effect.

Login banner we absolutely need, right? You're just gonna copy and paste in what you guys have for your security policy: this is my FMC 19, if you're not allowed, please disconnect immediately; by law, that's up to you. Now the change reconciliation one, oops, the change reconciliation one I definitely used at some banks. I don't know anyone that actually reads this data, and it's a little cumbersome. First off, you have to have your email; here you go, right here, email notification, set up your SMTP, which we'll do shortly, but you enable this. Now you say I want to just show the change history, I don't care about policy, but you have to set up your mail relay before this would work. No big deal, I'm not gonna use this now. This doesn't say, if I set this to, this doesn't say run at 8; that would be kind of nice. So some of my banks, they, they use this and they keep this for their audits and whatnot, but basically what this says is they run every 23 hours at most; I can make this run in 50 minutes, so if you think you're losing 10 minutes a day on these, whatever. But I don't like the way that they do this, but it's there in case you guys need it, and then the actual reports aren't that great; it's up to you.

Now the DNS cache and dashboard, these are kind of left over from the old appliance days, so I don't use those. The database one, I want you to be careful, and I want you to, if you're gonna do something here, probably have Cisco on the phone; certainly don't blame me if you take something here and say save and then you have a problem. Anyways, I don't change most of these; again, you would change these if Cisco was on the phone and they said, hey, change this. Now if you had a larger FMC, now if you would read my blog about how to get the virtual FMC virtually faster, that's what it's called, one of the things you can realize is you get 49 million events on a virtual FMC, and this has to do with your access control policy logging. Now in this case here it's only a million by default; I usually come in here and change this to 10 million at least, right? Depends on the FMC; if you have a 4500 I think it's 250 million events. The other thing is, you've got, like, IPS events; alright, I'll tell you something here, there's a million events; if you have a million IPS events you have other problems than worrying about this page, but you know, I'm gonna at least change this one. I don't think I'll change the rest without maybe talking to Cisco; we'll see.

Now in this case here, external database, you can do storage, you have malware storage pack and so on; I don't really use this one, but you can see that there are some different options here. You can add a host in here for storage, but I'm gonna show you another one for backups, and I can use that one. Under the email notification, now, we'll get this one working, and I recommend in production that you absolutely get this working. So let's say smtp.gmail.com; obviously you don't want to use this one for your production network, you use a real one, right? I'm gonna say this is FMC events at lammle.com, right; it actually, you can kind of make this up, the from address, but on the authentication one we're gonna authenticate to a real address. Right now, this, if you're using Gmail, this may not work for you; I have an enterprise business account, and then this is gonna say who it goes to, todd@lammle.com, and so if not, Chuck, whoever, is going to get an email from Google saying, hey man, you're trying to relay. I'm gonna get this working; I think I spelled this wrong, and I'll start getting emails, assuming I get this; and let's try that again. I want you to spend some time on this and make sure, watch that I'm putting in emails; notice that it's saying message sent here, so that worked. Make sure this works and goes to a group; create a group that's going to get emails from events that you set up to be emailed.

Now the access control preferences, the intrusion policy preferences, and down here the NAP, which is my advanced IPS preprocessors; under these, no, basically all it is, all three of these are the same: comment on rule change. You absolutely want to make this required. So what this does is, if a user goes out, and again we're going to create users, someone logs in as admin, and if a user goes out and makes a change in a policy, the access control, the IPS and the NAP, they have to leave a comment. Now they might not write anything worthwhile, but it'll still record the name, date and time, and that's what you want. However, during a class that I have, or when I'm doing a cutover for a client, I'm going to disable these, because they're more, they're, they're kind of a pain, because you're constantly changing these policies. So I was at a customer and we were doing a cutover for a week, and I ended up disabling those because you're just changing these policies so much, right? And then when I left, though, I turned these all back on; now you can hear, or before I left, I turned them all back on so they had to do them, and that, again, is a good audit.

Now you can come in here and create an HTTPS server; you can generate a new certificate server request or import one, so you don't get that when you log in, you don't get that message. Be careful with this client one; just be careful here, you might end up locking yourself out. Information doesn't help us; this is the same. Now with language, though, I recommend doing this right before your vacation; this is, this is the most fun. Now I've been in IT a long time, long before it was called IT, and so we had to come up with some really weird fun stuff, but one of the things is, if you guys have noticed, if you've been in some older, older codes, it used to speak English and Japanese; when the 6 code came it was English, Japanese and Korean, and now they have Chinese as well, so there's four now. So before you go, you should just choose one and say save. I think this Korean will be fine, I don't know; anyways, if you say English to Japanese, they're like, if you can't read this, then you shouldn't choose it. But I think this would be really fun for your friends when they come in on Monday; to do this Friday night before you leave, haha, that would be a roll-on-the-floor laugh, right, right? I can't find anyone to do it, but it sure sounds fun. Alright, so let's put that back. Anyways, so anyways, management interfaces now; this one, sometimes I'll come in here, I put the wrong DNS or search domain in here. Now one of the things that it's telling me here is I communicate on TCP 8305 from the FMC, with event data from my FTD boxes to my FMC, and deploy from my FMCs to my boxes using TCP 8305, if you want to change this.

Remote storage, definitely do this when we do the task management section; this is so critical, guys. We're gonna come in here and use it; now I've got to tell you, I'll just tell you right now, if you want to use SMB, it only uses version one. I don't even know anybody who uses version one anymore, so actually, maybe in 6.3 they changed that, but I haven't seen it yet. So we'll use one of these, and we'll do this in our task management section. REST API, you can do some preferences there, but SNMP, there are only two more things here, guys, hang in there, the section will be over. So I want to configure this; you probably want to do version 3, guys, but there's some effort here, right? So if you're in production, this isn't an SNMP or syslog class, I recommend version 3, but in this class I'm just gonna use version 2, and so I'm gonna come back here, because why? Because it's easy. So a lot of my customers just do that, because it's like, I go out, I go, you guys using version 3, right? So then occasionally, yeah, you know, we're on version 2; I hear that a lot. Anyways, access lists, so now we can come back, now that that's done, version 2. The Firepower, I can add my management station; if you don't do this you won't get traps, right? So I'm gonna put in here 10.11.11.250, and that's my 161, so we'll see that in there; you can't change this port number here, alright. So I want to save that, so now when I configure SNMP, which we still have another step to do for, for SNMP, that's two steps. Time just tells you how far it thinks you're off from your server; time synchronization is what we want to do, and the rest of these we won't even look at. This is new, but we can just use the help screen for those, guys. In this case here I don't really need to do anything but change this; now remember, I could have done this on that splash screen, on that splash screen, right? Okay, but I wanted to show you where you change it here, and that's all we care about on here.

So, guys, the, the system configuration; let's go back and take a look here, and one of the things is that we installed the FMC, we installed our license, and then we configured our system config. In the next section we're still not going to bring in our, our FTD box; we're going to do our health policies and health alerts.
Info
Channel: Todd Lammle
Views: 44,954
Keywords: Cisco Firepower FTD 6.2.3
Id: fubR53UBf2M
Length: 18min 47sec (1127 seconds)
Published: Sun Apr 08 2018