LLC Firepower

Cisco Firepower Basic Training
Andrelo Pagobo – Technical Engineer

April 2019
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Topics
- FMC Installation on VMware
- ASA 55xx FTD Installation
- Basic Routing Configuration
- Basic adding of Objects
- NAT Rules (static/dynamic)
- Backup and Restore
- Basic Troubleshooting
VM Ware Installation
- Login to Cisco account and download:
Cisco_Firepower_Management_Center_Virtual_VMware-6.2.3-83.tar
- Extract files and Create New Virtual Machine (OVF/VMDK)
- Select .OVF and .vmdk files and proceed with the installation.
- Select thin provisioning and complete the installation.
- Select thin provisioning and complete the installation.
- Try to access Virtual Machine to test after installation.
FMC Reimaging
- Connect to console and boot ASA Device

- When prompted, press ESC to enter ROMMON.
- Configure basic Network Settings (ASA Device and
TFTP/FTP Server.
- Proceed TFTP to copy files and run installation.
- Last output is “firepower-boot>”
FMC Reimaging
- Install FTD System Image on ASA
- Type “setup” on console
- Set IP addresses (can be the same as boot

setup)
- Follow through with the installation.
FMC Reimaging

setup)
FMC Reimaging

setup)
- Agree to EULA and Input IP Address of
Device, as well as point to FMC
- say NO on “Manage Device Locally”
NOTE: Manage Device Locally is for FDM

when you do not have FMC.
- Execute command “configure manager

add IPADDRESS ****”
**** stands for encryption key
Login to FMC, add feature Licenses to activate console and device.
- Go to DEVICES and add the device.
- Check feature to be activated on device
NOTE: Remember the details set during

configuration of ASA Device (IP ADDRESS,
REGISTRATION KEY)
Go to OBJECTS and add security Zones for interfaces
- Go to DEVICES -> DEVICE MANAGEMENT -> INTERFACES.
- Select your preferred OUTSIDE and INSIDE interfaces, define their IP addresses.
- Go to DEVICES -> DEVICE MANAGEMENT ->
ROUTES
- Select your preferred OUTSIDE and INSIDE

interfaces, define their IP addresses.
- Click on ADD route and configure route from

ANY network to OUTSIDE interface.
- ADD Next hop (GATEWAY) for traffic and save.
- Go to POLICIES and select ACCESS CONTROL
NOTE: By default, all traffic is BLOCKED (Implicit Deny)
- Add “ALLOW ALL” rule to enable traffic from ANY network to ANY destinations.
- ENABLE LOGGING in your rule to generate data on dashboard:
- Go to POLICIES>NETWORK DISCOVERY and ensure you discover hosts, users and application for full visibility.
- Go to DEVICES and select NAT and ADD Rule.
- Configure DYNAMIC AUTO NAT and select appropriate interfaces on your network in INTERFACE OBJECTS.
- Go to TRANSLATION tab and select appropriate SOURCE and DESTINATION networks.
Click OK and SAVE Changes
- Click on DEPLOY up top, select the DEVICE and hit DEPLOY. Device should proceed to deployment and you will
get notification that it’s done.
- Sample Dashboard screenshots
- Sample Dashboard screenshots
- GO to SYSTEM>TOOLS>BACKUP/Restore
- Click on Firepower Management Backup
- Check on TASKS to see process running, you will get
notification when done.
- Check on TASKS to see process running, you will get
notification when done.
- To restore, go to Backup Management, select the profile

and click Restore.
Go to DEVICES > DEVICE MANAGEMENT > and click on troubleshooting icon.
Click on Advanced Troubleshooting
- Select Packet Tracer and specify parameters.
- Sample Output
CLI packet tracer
REFERENCE LINKS:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/fmcv/FMCv-quick.html
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200884-installing-and-upgrading-
firepower-threa.html
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-
v622/firepower_threat_defense_site_to_site_vpns.pdf
THANK YOU

LLC Firepower

Uploaded by

Copyright:

Available Formats

LLC Firepower

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

LLC Firepower

Uploaded by

Copyright:

Available Formats

Cisco Firepower Basic Training

Andrelo Pagobo – Technical Engineer

- Login to Cisco account and download:

- Extract files and Create New Virtual Machine (OVF/VMDK)

- Select thin provisioning and complete the installation.

- Select thin provisioning and complete the installation.

- Connect to console and boot ASA Device

- Install FTD System Image on ASA

- Type “setup” on console

- Set IP addresses (can be the same as boot

- Follow through with the installation.

- Install FTD System Image on ASA

- Type “setup” on console

- Set IP addresses (can be the same as boot

- Follow through with the installation.

- Install FTD System Image on ASA

- Type “setup” on console

- Set IP addresses (can be the same as boot

- Follow through with the installation.

- say NO on “Manage Device Locally”

NOTE: Manage Device Locally is for FDM

- Execute command “configure manager

**** stands for encryption key

- Check feature to be activated on device

NOTE: Remember the details set during

- Select your preferred OUTSIDE and INSIDE

- Click on ADD route and configure route from

- ADD Next hop (GATEWAY) for traffic and save.

NOTE: By default, all traffic is BLOCKED (Implicit Deny)

Click OK and SAVE Changes

- To restore, go to Backup Management, select the profile

You might also like