FJBT Network Security POV Lab

GSSO Channel Engineering
dCloud
Proof of Value
NGIPSv Lab
dCloud NGIPSv Lab
Browse to https://dcloud.cisco.com
Select Login
Login in with CCO ID
Select US East Region
Select Dashboard from the toolbar
2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Capture Relevant FMC Information
The Dashboard will reflect scheduled sessions
Select View for the Firepower Proof of Value
Select Details
Note the Owner and Session ID information

Owner with @ symbol is not supported
If present, use dcloud instead
Scroll down and note the Public Address
Capture Relevant VPN Information
Return to the Dashboard
Select View for the Firepower Virtual Appliance

Connection Lab
Select Details
Scroll down and note the AnyConnect Credentials
Establish AnyConnect VPN to dCloud
Establish an AnyConnect VPN to the host using
to copy the User and Password
Select the if you need to download
AnyConnect or require additional assistance
Connect to Active Directory
Return to the Firepower Virtual Appliance

Connection Lab
Select the Active Directory server and note the
IP Address and Credentials
Connect to Active Directory
Open your native RDP Client and connect to the

Active Directory IP Address
Authenticate with
Username: dcloud\administrator
Password: C1sco12345
SSH to NGIPSv
Select putty.exe on the desktop

Open the NGIPS session
Authenticate with
Username: admin
Configure NGIPSv via CLI
Change the management-port to 8443
Configure FMC IP as Public Address from dCloud session details
Use a registration key of C1sco12345 and a nat-id of 12345
> configure network management-port 8443

Management port changed to 8443.
> configure manager add <FMC IP> <Registration Key> <nat-id>
Manager successfully configured.
Login to the FMC
Return to your Host PC and open a browser
Using https, connect to the FMC Public Address from dCloud session details
Login using Owner for the FMC username and Session ID for the password
170716
Add the NGPISv to the FMC
Navigate to Devices > Device Management
Select Add > Add Device
Connect NGIPSv to FMC
Use the Host of DONTRESOLVE, Registration Key of C1sco12345, and select Cisco POV
Access Control Policy
Select the Protection, Control, Malware, and URL Filtering Licenses
Expand the advanced settings and enter a Unique NAT ID of 12345
Click Register
Troubleshoot NGIPSv to FMC Connection
Use show managers from FTD CLI to confirm FMC IP address and view status
> show managers

Host : 64.100.11.49
Registration Key : ***
Registration : Pending
RPC Status :
>
Ensure registration key and unique NAT-ID match with FMC
Enter expert mode
Use sudo pigtail to review debugging information
> expert
admin@ftd5506:~$ sudo pigtail
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 -
br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216
(via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to
64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6):
64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ;
COMMAND=/ngfw/usr/local/sf/bin/pigtail
Confirm:
NGIPSv management-port is 8443
Shared secrets of NGIPSv and FMC match: C1sco12345
Unique NAT-ID of NGIPSv and FMC match: 12345
Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for
current status
Deploy Access Control Policy to NGIPSv (If Required)
The Deployment may fail due to a Rule Update as a result of Bug CSCvb82371
This is mitigated by upgrading the FMC and will be fixed in a future dCloud FMC POV
Demo
Deploy Access Control Policy to NGIPSv (If Required)
If you receive this error, select Deploy
Select the checkbox next to DONTRESOLVE and click Deploy
Monitor the Task Status and wait until the deployment is successful; May take 10+ minutes
Confirm Traffic Flow to NGIPSv
Browse to Analysis > Connections > Events
If events are not populating, verify that interfaces are connected,

enabled, and the SPAN port or tap is functional.
Risk Reports
Risk Reports
Integrated into the FMC with 6.1 or later
Browse to Overview > Reporting
Select Report Templates
Generate Advanced Malware, Attacks, and Network Risk Reports
Risk Reports
Generate Advanced Malware, Attacks, and Network Risk Reports
Delete NGIPSv
to Prepare for FTD POV Lab
Delete the NGIPSv
Select next to DONTRESOLVE

Confirm that you want to delete DONTRESOLVE
SSH to NGIPSv

Open the NGIPS session
Authenticate with
Username: admin
Remove the FMC configuration via CLI
Enter the configure manager delete command to remove the FMC configuration
Confirm the FMC is removed with the show managers command
> configure manager delete

> show managers
No managers configured.
>
dCloud
Proof of Value
FTD Lab
SSH to FTDv

Open the FTD session
Authenticate with
Username: admin
Configure FTDv via CLI
Change the management-port to 8443
Configure FMC IP as Public Address from dCloud session details
Use a registration key of FTD123 and a nat-id of 123
> configure network management-port 8443

Management port changed to 8443.
> configure manager add <FMC IP> <Registration Key> <nat-id>
Manager successfully configured.
Login to the FMC
Return to your Host PC and open a browser
Using https, connect to the FMC Public Address from dCloud session details
Login using Owner for the FMC username and Session ID for the password
170716
Enable Smart License Evaluation Mode
Navigate to System > Licenses > Smart Licenses
Select Evaluation Mode
Confirm by selecting Yes
Add the FTDv to the FMC
Select Add > Add Device
Connect FTDv to FMC
Use the Host of DONTRESOLVE, Registration Key of FTD123, and select Cisco POV
Access Control Policy
Select the Malware, Threat, and URL Filtering Licenses
Expand the advanced settings and enter a Unique NAT ID of 123
Click Register
Troubleshoot FTDv to FMC Connection
Use show managers from FTD CLI to confirm FMC IP address and view status
> show managers

Host : 64.100.11.49
Registration Key : ***
Registration : Pending
RPC Status :
>
Ensure registration key and unique NAT-ID match with FMC
Enter expert mode
Use sudo pigtail to review debugging information
> expert
admin@ftd5506:~$ sudo pigtail
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 -
br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216
(via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to
64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6):
64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ;
COMMAND=/ngfw/usr/local/sf/bin/pigtail
Confirm:
Manager configuration removed from NGIPSv
FTDv management-port is 8443
Shared secrets of FTDv and FMC match: FTD123
Unique NAT-ID of FTDv and FMC match: 123
Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for
current status
Deploy Access Control Policy to FTDv (If Required)
The Deployment may fail due to a Rule Update as a result of Bug CSCvb82371
This is mitigated by upgrading the FMC and will be fixed in a future dCloud FMC POV
Demo
Deploy Access Control Policy to FTDv (If Required)
If you receive this error, select Deploy
Select the checkbox next to DONTRESOLVE and click Deploy
Monitor the Task Status and wait until the deployment is successful
DO NOT Confirm Traffic Flow to FTDv
The traffic generator in the virtual appliance connection lab,

vNeoFlow, has large resource requirements and is only configured
to send events through the NGIPSv, not the FTDv
Steps that follow simulate a customer POV deployment
You will not be able to verify the configuration or run Risk Reports
There is a work request with dCloud to offer a separate virtual
appliance connection demo that does push events through the
FTDv
Configuration
Object Management
Object Management: Edit HOME_NET Variable
Browse to Objects > Object Management
Select Variable Set on the left hand side
Select to edit the Default-Set
Select next to HOME_NET
Object Management
Click to create a new
Network Object
Provide a Name
Enter Network information
that matches the customer
environment
Click Save
Include the New Network Object in the HOME_NET Variable
Click Save, Save, Yes
Object Management: Edit Network Discovery Policy
Browse to Policies > Network Discovery
Select to delete the IPv4-Private-All-RFC1918
Click Yes to confirm
Object Management: Edit Network Discovery Policy
Select to Add a New Rule
Select the Users checkbox
Add the newly created HOME_NET variable to the right hand
pane
Click Save
Configuration
Configure Passive Interface

Select to Edit Device
A passive interface needs to be configured for the FTD to accept traffic
from the SPAN port or tap on the customer network
Select next to GigabitEthernet0/0
Set Interface to Passive Mode

Define a new Security Zone
named Zone_C
Click OK
Click Save
Click the Deploy button at top right to push interface configuration to
FTD
Select the checkbox by your FTD device
Click Deploy
Deployment Status
View the status of deployment by clicking the green checkmark
Deployment Status
At a customer site, the interface status for the passive

interface should turn green when the deployment completes.
In the dCloud lab, the status is not updated

FJBT Network Security POV Lab

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

FJBT Network Security POV Lab

Hochgeladen von

Copyright:

Verfügbare Formate

GSSO Channel Engineering

Login in with CCO ID

Select US East Region

Select Dashboard from the toolbar

Select View for the Firepower Proof of Value

Note the Owner and Session ID information

Scroll down and note the Public Address

Select View for the Firepower Virtual Appliance

Scroll down and note the AnyConnect Credentials

Return to the Firepower Virtual Appliance

Open your native RDP Client and connect to the

Select putty.exe on the desktop

Configure FMC IP as Public Address from dCloud session details

Use a registration key of C1sco12345 and a nat-id of 12345

> configure network management-port 8443

Navigate to Devices > Device Management

Select Add > Add Device

Expand the advanced settings and enter a Unique NAT ID of 12345

> show managers

Ensure registration key and unique NAT-ID match with FMC

Enter expert mode

Use sudo pigtail to review debugging information

Select the checkbox next to DONTRESOLVE and click Deploy

Browse to Analysis > Connections > Events

If events are not populating, verify that interfaces are connected,

Navigate to Devices > Device Management

Select next to DONTRESOLVE

Select putty.exe on the desktop

Confirm the FMC is removed with the show managers command

> configure manager delete

Select putty.exe on the desktop

Configure FMC IP as Public Address from dCloud session details

Use a registration key of FTD123 and a nat-id of 123

> configure network management-port 8443

Select Evaluation Mode

Confirm by selecting Yes

Navigate to Devices > Device Management

Select Add > Add Device

Expand the advanced settings and enter a Unique NAT ID of 123

> show managers

Ensure registration key and unique NAT-ID match with FMC

Enter expert mode

Use sudo pigtail to review debugging information

Select the checkbox next to DONTRESOLVE and click Deploy

The traffic generator in the virtual appliance connection lab,

Select next to HOME_NET

Navigate to Devices > Device Management

Set Interface to Passive Mode

Select the checkbox by your FTD device

View the status of deployment by clicking the green checkmark

At a customer site, the interface status for the passive

Das könnte Ihnen auch gefallen