Introduction to FlexConfig on FMC

Captions
Hello, welcome to the Firepower Threat Defense training video series, Anandi. In this video we are going to see how to use flex configuration on Firepower Management Center. Flex configuration is used to manage the policies that are not natively supported by the Firepower Management Center. In this video I'm going to talk about the framework of Firepower Management Center, and then in the subsequent videos we will see some examples of configuring some of the policies using flex configuration.

As I said, the flex configuration unsupported features are all the features that are natively supported by the FMC, like access control policy or VPN; those features cannot be configured through flex configuration. The supported features with FlexConfig are EIGRP, IS-IS, PBR, and inspect policy map, all these features which are not natively supported by Firepower Management Center. For the full list of features, please refer to the Firepower Management Center configuration guide.

The process of using FlexConfig is: first you need to have various variables. The variables could be text objects, or it could be a network object, or it could be system variables that are predefined on the FMC. These variables you can call or use in the flex configuration object, where you define multiple CLIs to configure. For example, if you want to configure EIGRP, you need to have multiple CLIs that need to be pushed to the Firepower Threat Defense, in which variables such as network or interface can be called from the network flex variables. Once you define a flex configuration object, you can refer to it in the flex configuration policy. Once you define the flex configuration policy, it can have multiple FlexConfig objects: it can have an inspect flex configuration object, it can have an EIGRP object, and it can have a PBR, put together as a single flex configuration policy. Then you can assign it to a device, one or two devices, and then push the configuration. During deploy, these CLIs will be pushed to the Firepower Threat Defense.

So before we go into the demo, some of the key things that you have to note: during deploy you have two options, append and prepend. What that means is, for a particular flex configuration object, whether you want to push the generated CLI before the FMC policy or after the FMC policy. For example, if you have used FMC to configure NAT policy or access control policy, those will generate CLI configuration during deploy, so those will be handled in the bucket of FMC policy CLI. And using FlexConfig you have configured, say for example, PBR; those CLIs you either want to push before the CSM policy or after the FMC policy that is generated. That can be controlled by append.

On the deployment you have two options, known as once or every time. If you set it as once, it will push that configuration only once during the entire lifecycle of the product; if you set every time, every deployment will have those CLIs pushed to the Firepower Threat Defense.

So let's walk through some of the components of the flex configuration with this Firepower Management Center. First you can go to Object, Object Manager, where you can find flex configuration objects, such as, as you can see here, text object and then flex configuration object.

In the text object you can define a variable with values. The values can be either single or multiple. Say, for example, I want to use a variable for a gateway in what is called policy-based routing: I can define a gateway here with a variable named gateway and then set it as single. I can define an IP address here, which I can use in the flex configuration object. It also supports multiple values. Say, for example, I need to insert a variable, say inspect protocol, and then I need multiple entries, so I can have more than one entry. So I can define a variable which can have multiple values within the variable; it is possible with this text variable.

Apart from that, the FMC also has predefined variables which are used in the predefined flex configuration objects, which we can use and then modify. For example, the inspect protocol: we already have a default disable inspect protocol, which has a list of protocols that are used in the inspect policy map. If you want, you can change the values and then use it in the FlexConfig object.

On the FlexConfig object, we have predefined flex configuration objects which you can use as ready-made. Say, for example, if you want to configure EIGRP, you can use this template and then configure EIGRP on your Firepower Threat Defense. All you have to do is go to the respective variables in the text object and then change the values according to your needs, or you can simply copy-paste this to a different FlexConfig object, change it according to your needs, and then push the configuration.

As you can see, at deployment you have two options, once and every time, which means that if you set this as once, this particular FlexConfig object will be sent to the device only once; if you set it as every time, during every deploy these CLIs will be sent to the device, every single deployment. And append and prepend: as we said, if you set it as append, this configuration goes after the CLIs that are generated by Firepower Management Center native policies. If you prepend it, those FlexConfig CLIs will be sent before the policies that are natively supported by the Firepower Management Center.

Apart from that, you have these insert variables. Using insert variables, you can use the text objects which are defined here, or use the network objects that are available under Object Manager. For example, you can use network values in the PBR, or use ACLs in the policy-based routing, or use a route map, again in the PBR. You can also use system variables: you can check with the system variable whether it's in firewall routed or transparent, or in single or multi. You can extract values such as management IP address values; we can extract host information using these system variables. Apart from that, you can also have a secret key, in order to have a variable which has a password for routing protocols. And you have this validation checkbox: if you want to check whether the script has proper syntax, we can use this validation to check the correctness of your scripts.

Once you define the FlexConfig here, you can go to Device; under Device we have flex configuration, where you can define a FlexConfig policy. I can define a name here, assign one or more devices to the FlexConfig, use the FlexConfig object that you have configured under Object Manager, and then save the configuration, and you can deploy. This will generate the CLI and then push it to that device.

Before deploying it, you can verify those CLIs using preview configuration, which is going to generate the CLIs that are going to be pushed to the device. So we strongly recommend using preview configuration in order to verify what CLI is generated by the FlexConfig, which will be pushed to the Firepower Threat Defense. You can see that whatever FlexConfig object we have created is pushing this CLI. The FlexConfig append: whatever FlexConfig object that I have marked as append will be sent here. These CLIs are generated by the Firepower Management Center native configuration. Flex configuration objects which are marked as prepend will go in this particular section.

With this we have come to the end of this video. Check my second, part two video, where I am going to give an example of how to configure the inspect policy map with flex configuration. Thank you.
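An added sketch, not part of the video and not FMC code, that models the deployment behaviour described in the captions: text variables expanded into FlexConfig objects, prepend/append placement around the natively generated CLI, and once versus every time across two deployments. The `$name` placeholder syntax, the `FlexObject` and `preview` names, and all CLI lines and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from string import Template

@dataclass
class FlexObject:
    name: str
    body: str        # CLI template; the $name placeholder syntax is assumed
    placement: str   # "prepend" or "append"
    frequency: str   # "once" or "everytime"

def render(body, variables):
    """Expand text variables; a multi-valued variable repeats its line."""
    lines = []
    for line in body.splitlines():
        multi = [k for k, v in variables.items()
                 if isinstance(v, list) and "$" + k in line]
        values = variables[multi[0]] if multi else [None]
        for value in values:
            scope = {**variables, multi[0]: value} if multi else variables
            # substitute() raises KeyError when a variable is undefined
            lines.append(Template(line).substitute(scope))
    return lines

def preview(native_cli, objects, variables, already_sent):
    """CLI lines one deployment would push, in push order."""
    sections = {"prepend": [], "append": []}
    for obj in objects:
        if obj.frequency == "once" and obj.name in already_sent:
            continue  # a "once" object is pushed on a single deployment only
        sections[obj.placement] += render(obj.body, variables)
        already_sent.add(obj.name)
    return sections["prepend"] + list(native_cli) + sections["append"]

# Constructed sample data (hypothetical objects, variables and CLI lines)
VARIABLES = {"gateway": "192.0.2.1", "disable_protocols": ["sip", "netbios"]}
NATIVE_CLI = ["! <CLI generated from FMC native policies>"]
OBJECTS = [
    FlexObject("pbr", "route-map PBR_MAP permit 10\n set ip next-hop $gateway",
               "append", "everytime"),
    FlexObject("inspect", "policy-map global_policy\n class inspection_default\n"
               "  no inspect $disable_protocols", "prepend", "once"),
]

if __name__ == "__main__":
    sent = set()
    for n in (1, 2):
        print(f"--- deployment {n} ---")
        print("\n".join(preview(NATIVE_CLI, OBJECTS, VARIABLES, sent)))
```

Comparing the two deployments shows why the preview step matters: the "once" object disappears from the second push while the "every time" object is re-sent after the native CLI.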
Info
Channel: Securing Networks with Cisco Firepower Threat Defense
Views: 8,702
Keywords: FMC FlexConfig, FlexConfig, Configuring ASA policy using FlexConfig, Firepower, FTD, Firepower Threat Defense, Firepower Management Center, configuring unsupported ASA policy through flexconfig
Id: OMspnE9fq08
Length: 11min 28sec (688 seconds)
Published: Wed Sep 27 2017