dCloud
Proof of Value
NGIPSv Lab
dCloud NGIPSv Lab
Browse to https://dcloud.cisco.com
Select Login
2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Capture Relevant FMC Information
The Dashboard will reflect scheduled sessions
Select Details
Capture Relevant VPN Information
Return to the Dashboard
Select Details
Establish AnyConnect VPN to dCloud
Establish an AnyConnect VPN to the host using
to copy the User and Password
Select the if you need to download
AnyConnect or require additional assistance
Connect to Active Directory
SSH to NGIPSv
Configure NGIPSv via CLI
Change the management-port to 8443
Login to the FMC
Return to your Host PC and open a browser
Using https, connect to the FMC Public Address from dCloud session details
Login using Owner for the FMC username and Session ID for the password
170716
Add the NGIPSv to the FMC
Connect NGIPSv to FMC
Use the Host of DONTRESOLVE, Registration Key of C1sco12345, and select Cisco POV Access Control Policy
Select the Protection, Control, Malware, and URL Filtering Licenses
Click Register
Troubleshoot NGIPSv to FMC Connection
Use show managers from FTD CLI to confirm FMC IP address and view status
> expert
admin@ftd5506:~$ sudo pigtail
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216 (via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6): 64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
Confirm:
NGIPSv management-port is 8443
Shared secrets of NGIPSv and FMC match: C1sco12345
Unique NAT-ID of NGIPSv and FMC match: 12345
Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for current status
Deploy Access Control Policy to NGIPSv (If Required)
The Deployment may fail due to a Rule Update as a result of Bug CSCvb82371
This is mitigated by upgrading the FMC and will be fixed in a future dCloud FMC POV Demo
If you receive this error, select Deploy
Monitor the Task Status and wait until the deployment is successful; this may take 10+ minutes
Confirm Traffic Flow to NGIPSv
Risk Reports
Risk Reports
Integrated into the FMC with 6.1 or later
Browse to Overview > Reporting
Select Report Templates
Generate Advanced Malware, Attacks, and Network Risk Reports
Delete NGIPSv to Prepare for FTD POV Lab
Delete the NGIPSv
SSH to NGIPSv
Remove the FMC configuration via CLI
Enter the configure manager delete command to remove the FMC configuration
dCloud
Proof of Value
FTD Lab
SSH to FTDv
Configure FTDv via CLI
Change the management-port to 8443
Login to the FMC
Return to your Host PC and open a browser
Using https, connect to the FMC Public Address from dCloud session details
Login using Owner for the FMC username and Session ID for the password
170716
Enable Smart License Evaluation Mode
Navigate to System > Licenses > Smart Licenses
Add the FTDv to the FMC
Connect FTDv to FMC
Use the Host of DONTRESOLVE, Registration Key of FTD123, and select Cisco POV Access Control Policy
Select the Malware, Threat, and URL Filtering Licenses
Click Register
Troubleshoot FTDv to FMC Connection
Use show managers from FTD CLI to confirm FMC IP address and view status
> expert
admin@ftd5506:~$ sudo pigtail
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216 (via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6): 64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
Confirm:
Manager configuration removed from NGIPSv
FTDv management-port is 8443
Shared secrets of FTDv and FMC match: FTD123
Unique NAT-ID of FTDv and FMC match: 123
Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for current status
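Added example (not part of the original lab guide): a small Python check for the NGIPSv and FTDv troubleshooting slides that reads saved pigtail output and confirms the sensor is dialing the expected FMC public IP on management port 8443. The function names are hypothetical, the sample lines are copied from the pigtail output shown above, and the expected FMC address passed in is an assumption you take from your own dCloud session details.

```python
import re

# Sample lines copied from the pigtail output on the troubleshooting slides.
SAMPLE = """\
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216 (via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
"""

# The two message shapes in the sample that carry both peer address and port.
PATTERNS = [
    re.compile(r"Connect to (?P<ip>[\d.]+) on port (?P<port>\d+)"),
    re.compile(r"connection to (?P<ip>[\d.]+):(?P<port>\d+)/tcp"),
]


def tunnel_targets(log_text):
    """Return the set of (ip, port) pairs that sftunneld tried to reach."""
    targets = set()
    for line in log_text.splitlines():
        if "sftunneld" not in line:
            continue  # skip unrelated MSGS entries such as the sudo audit line
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                targets.add((m.group("ip"), int(m.group("port"))))
    return targets


def check_registration(log_text, fmc_public_ip, mgmt_port=8443):
    """List mismatches between observed targets and the expected FMC IP/port."""
    findings = []
    targets = tunnel_targets(log_text)
    if not targets:
        findings.append("no sftunneld connection attempts seen")
    for ip, port in sorted(targets):
        if ip != fmc_public_ip:
            findings.append(f"sensor dials {ip}, expected FMC public IP {fmc_public_ip}")
        if port != mgmt_port:
            findings.append(f"sensor dials port {port}, expected {mgmt_port}")
    return findings


if __name__ == "__main__":
    # Expected FMC address here is taken from the sample log (assumption).
    for item in check_registration(SAMPLE, "64.100.11.216") or ["address and port match"]:
        print(item)
```

An empty result only shows the sensor is aiming at the right address and port; a registration key or NAT-ID mismatch still has to be checked by hand as listed in the Confirm steps.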
Deploy Access Control Policy to FTDv (If Required)
The Deployment may fail due to a Rule Update as a result of Bug CSCvb82371
This is mitigated by upgrading the FMC and will be fixed in a future dCloud FMC POV Demo
If you receive this error, select Deploy
Monitor the Task Status and wait until the deployment is successful
DO NOT Confirm Traffic Flow to FTDv
Configuration
Object Management
Object Management: Edit HOME_NET Variable
Browse to Objects > Object Management
Select Variable Set on the left-hand side
Select to edit the Default-Set
Object Management
Click to create a new Network Object
Provide a Name
Enter Network information that matches the customer environment
Click Save
Object Management: Edit HOME_NET Variable
Include the New Network Object in the HOME_NET Variable
Click Save, Save, Yes
Object Management: Edit Network Discovery Policy
Browse to Policies > Network Discovery
Select to delete the IPv4-Private-All-RFC1918
Click Yes to confirm
Select to Add a New Rule
Select the Users checkbox
Add the newly created HOME_NET variable to the right-hand pane
Click Save
Configuration
Configure Passive Interface
A passive interface needs to be configured for the FTD to accept traffic from the SPAN port or tap on the customer network
Select next to GigabitEthernet0/0
Click the Deploy button at top right to push interface configuration to FTD
Click Deploy
Deployment Status