October 2017
POV Process
Install FTD
dCloud
Configuration
Risk Reports
Sanitize
Agenda
POV Process
Partner Executed POV
Well-established process to ensure success and drive partner profitability. The Fire Jumper
program builds competence with Cisco solutions and prepares partner SEs for POVs. Individual
and partner incentives and promotions help to migrate Cisco and competitive installed base.
2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
On-Site POV Process
Software Download
Software Installation
Bootstrap
Licensing
Initial Configuration
Customer Report Generation
Device Sanitization
Find Opportunity
POV Methodology
Find Opportunity, Presentation & Demo
Proof of Value
Deployment Options
On-Site Sensor and FMC
Build VMware ESXi server
Download and install FMC VM
Add Licenses to FMC
Update FTD Software
Place FTD on span or tap port
Configure Policies: System, Health, Intrusion, File, Access Control
Perform POV
Generate Risk Reports
Sanitize (FTD, FMC)
Diagram: Internet, Firewall, span / tap, FTD, Switch, FMC, Users, Active Directory, VMware ESXi, LAN, Risk Reports
On-Site Sensor and dCloud FMC
Install FTD
FTD Sensor Installation Steps
Download FTD Software
(5515-X Example)
Go to: http://software.cisco.com/download/navigator.html
Navigate to Downloads Home > Products > Security > Firewalls > Next-Generation Firewalls
(NGFW) > ASA 5500-X with FirePOWER Services > ASA 5515-X with FirePOWER Services
> Firepower Threat Defense Software
Select the following options and download the versions listed below or later.
Firepower Threat Defense for ASA 55XX series v6.1.0 (ftd-6.1.0-330.pkg)
Firepower Threat Defense v6.1.0 boot image for ASA 5512/5515/5525/5545/5555 devices (ftd-boot-9.6.2.0.cdisk)
Confirm Health of SSD
FTD is factory installed on ASA5500-X FTD SKUs
e.g. ASA5525-FTD-X; SF-ASA-TD6.1.0-K9 Base Software
Installing FTD on an ASA5500-X platform requires one or two SSD drives
ASA5500-X-SSD12= SKU
Name: "Storage Device 1", DESCR: "Unigen 128 GB SSD MLC, Model Number:
Micron_M550_MTFDDAK123MAY"
PID: N/A , VID: N/A , SN: 12345678900
Install FTD
Verify & Upgrade ROMMON Image
Check ROMMON Version
Only Required for ASA 5506-X series, ASA 5508-X, and ASA 5516-X models
ROMMON version must be 1.1.8 or later to reimage to FTD
View the current ROMMON version in the Mod 1 row of the MAC Address table in the output of:
show module
Download the ROMMON Image
(5506-X Example)
Go to: http://software.cisco.com/download/navigator.html
Navigate to Downloads Home > Products > Security > Firewalls > Next-Generation Firewall (NGFW) > ASA 5500-X with FirePOWER Services > ASA 5506-X with FirePOWER Services > ASA Rommon Software
Select the following options and download the versions listed below or later.
ASA ROMMON Software (asa5500-firmware-1108.SPA)
Upgrade the ROMMON
ciscoasa# config t
ciscoasa (config)# interface management1/1
ciscoasa (config)# ip address 10.10.200.3 255.255.255.0
ciscoasa (config)# ping 10.10.200.2
Upgrade the ROMMON
Copy the ROMMON image to ASA flash memory with the copy command
ciscoasa (config)# copy tftp://10.10.200.2:/asa5500-firmware-1108.SPA disk0:asa5500-firmware-1108.SPA
Address or name of remote host [10.10.200.2]?
Source filename [asa5500-firmware-1108.SPA]?
Destination filename [asa5500-firmware-1108.SPA]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[]
!!!!!!!!!!!!!!!!!!!
9241408 bytes copied in 10.240 secs (924140 bytes/sec)
Verify Upgraded ROMMON Version
Install FTD
Access the ROMMON
Reload the ASA and press Esc during startup when prompted
If you see Launching BootLoader, you waited too long and must reload the ASA again
ciscoasa# reload
System config has been modified. Save? [Y]es/[N]o: N
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
[]
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
[]
Booting from ROMMON
[]
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Management0/0
Link is DOWN
MAC Address: a0ec.f938.fdac
Configure IP Settings
ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X
o Use interface management 0/0
o Boot image file extension is .cdisk
ASA 5506-X Series, 5508-X, and 5516-X
o Use interface management 1/1 by default and do not require the interface command
o Boot image file extension is .lfbff
rommon #0> interface management0/0
rommon #1> address 10.10.200.3
rommon #2> server 10.10.200.2
rommon #3> gateway 10.10.200.1
rommon #4> file ftd-boot-9.6.2.0.cdisk
rommon #5> set
ROMMON Variable Settings:
ADDRESS=10.10.200.3
SERVER=10.10.200.2
GATEWAY=10.10.200.1
PORT=Management0/0
VLAN=untagged
IMAGE=ftd-boot-9.6.2.0.cdisk
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
rommon #5> sync
Updating NVRAM Parameters...
Download the Boot Image
Ping to verify connectivity to TFTP server
Enter tftpdnld to load boot image
rommon #6> ping 10.10.200.2
Sending 20, 100-byte ICMP Echoes to 10.10.200.2, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
rommon #7> tftpdnld
ROMMON Variable Settings:
ADDRESS=10.10.200.2
SERVER=10.10.200.3
GATEWAY=10.10.200.1
PORT=Management0/0
VLAN=untagged
IMAGE=ftd-boot-9.6.2.0.cdisk
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
Establish temporary connectivity to HTTP or FTP server to download system software
Only HTTP or FTP supported for system software installation
ciscoasa-boot> setup
Do you want to configure static IPv6 address on management interface?(y/n) [N]: N
Stateless autoconfiguration will be enabled for IPv6 addresses.
Enter the primary DNS server IP address: <DNS Server>
Do you want to configure Secondary DNS Server? (y/n) [n]: N
Do you want to configure Local Domain Name? (y/n) [n]: N
Do you want to configure Search domains? (y/n) [n]: N
Do you want to enable the NTP service? [Y]: Y
Enter the NTP servers separated by commas: <NTP Server>
Do you want to enable the NTP symmetric key authentication? [N]: N
Please review the final configuration:
[]
Install FTD System Software
Use the system install command to install the system software
asasfr-boot> system install ftp://admin:C1sco12345@10.10.200.2/ftd-6.1.0-330.pkg
Reboot is required to complete the upgrade. Press 'Enter' to reboot the system.
See the Reimage the Cisco ASA or FTD Device document for additional details:
http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html
Install FTD
Allow 30 minutes or longer for installation and reboot the ASA when prompted
Install FTD
Change the admin password
Configure IP addresses & other settings as prompted based on the Data Collection Worksheet
Select no when asked to manage the device locally
Risk Reports are not supported via the on-box manager, Firepower Device Manager
You must change the password for 'admin' to continue.
Enter new password: <new password>
Confirm new password: <repeat password>
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]: Y
Do you want to configure IPv6? (y/n) [n]: N
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an IPv4 address for the management interface [192.168.45.45]: <FTD Management IP>
Enter an IPv4 netmask for the management interface [255.255.255.0]: <Netmask>
Enter the IPv4 default gateway for the management interface [192.168.45.1]: <Default Gateway>
Enter a fully qualified hostname for this system [firepower]: <hostname>
Enter a comma-separated list of DNS servers or 'none' []: <dns servers>
Enter a comma-separated list of search domains or 'none' []:
If your networking information has changed, you will need to reconnect.
For HTTP Proxy configuration, run 'configure network http-proxy'
Manage the device locally? (yes/no) [yes]: <no>
Configure firewall mode? (routed/transparent) [routed]: <transparent>
Configuring firewall mode ...
[]
>
Reconfigure Management IP Address
(If Required)
Changed via the configure network command in the CLI
dCloud Features / Access
Setting up a dCloud POV Session
Browse to http://dcloud.cisco.com
Select Login
Select Schedule
dCloud POV Duration
Configuration
Connect FTD to FMC
Capture Relevant FMC Information
The Dashboard will reflect scheduled sessions
Select Details
Configure FTD via CLI
Access FTD CLI
The dCloud default registration key is C1sco12345 and the default nat-id is 12345
Login to the FMC
Browse to the FMC using https to the Public Address from dCloud session details
Login using Owner for the FMC username and Session ID for the password
Enable Smart License Evaluation Mode
Navigate to System > Licenses > Smart Licenses
Add FTD to FMC
Connect FTD to FMC
If using dCloud:
Use the Host of DONTRESOLVE
Registration Key of C1sco12345
Cisco POV Access Control Policy
Expand the advanced settings and enter a
Unique NAT ID of 12345
Select the Malware, Threat, and URL Filtering
Licenses
Click Register
Troubleshoot FTD to FMC Connection
Use show managers from FTD CLI to confirm FMC IP address and view status
Troubleshoot FTD to FMC Connection
Open a POV TAC case through your Cisco GSSO CSE as required
> expert
admin@ftd5506:~$ sudo pigtail
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216 (via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6): 64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
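As an added example (not part of the original deck), a small Python triage script that reads pigtail output in the format shown above, counts sftunneld connection attempts per peer address and port, and compares the address the FTD is dialing with the FMC address taken from the dCloud session details. The sample lines are constructed, the retry threshold is an assumption, and the "Initiating IPv4 connection ... /tcp" line is assumed to appear once per attempt.

```python
import re
from collections import Counter

# Constructed sample in the format pigtail prints on the FTD (not a real capture).
SAMPLE_PIGTAIL = """\
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 - br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216 (via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6): 64.100.11.216
MSGS: 10-07 02:21:39 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:59 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to 64.100.11.216:8443/tcp
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ; COMMAND=/ngfw/usr/local/sf/bin/pigtail
"""

# Assumption: one "Initiating IPv4 connection to <ip>:<port>/tcp" line per dial attempt.
ATTEMPT_RE = re.compile(
    r"sftunneld:\S+ \[INFO\] Initiating IPv4 connection to "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)/tcp"
)
SFTUNNEL_PORT = 8443  # management tunnel port seen in the log above


def count_attempts(log_text):
    """Return {(peer_ip, port): attempts} for every sftunnel dial seen in the log."""
    attempts = Counter()
    for line in log_text.splitlines():
        m = ATTEMPT_RE.search(line)
        if m:
            attempts[(m.group(1), int(m.group(2)))] += 1
    return dict(attempts)


def triage(log_text, expected_fmc, max_attempts=1):
    """Compare what the FTD dials against the FMC address from the session details.

    max_attempts is an assumed threshold: repeated dials to the same peer without the
    log moving on indicate the tunnel is not coming up.
    """
    findings = []
    for (peer, port), n in sorted(count_attempts(log_text).items()):
        if peer != expected_fmc:
            findings.append(f"FTD dials {peer}, expected FMC {expected_fmc}: check 'show managers' and the manager entry")
        if port != SFTUNNEL_PORT:
            findings.append(f"FTD dials {peer} on port {port}, not {SFTUNNEL_PORT}")
        if n > max_attempts:
            findings.append(f"{n} dials to {peer}:{port} without establishing: check reachability of TCP/{SFTUNNEL_PORT} "
                            f"from the management interface and that registration key and NAT ID match the FMC")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PIGTAIL, "64.100.11.216"):
        print(finding)
```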
Configuration
Object Management
Object Management: Edit HOME_NET Variable
Browse to Objects > Object Management
Select Variable Set on the left hand side
Select to edit the Default-Set
Object Management
Click to create a new Network Object
Provide a Name
Enter Network information that matches the customer environment
Click Save
Object Management: Edit HOME_NET Variable
Include the New Network Object in the HOME_NET Variable
Click Save, Save, Yes
Object Management: Edit Network Discovery Policy
Browse to Policies > Network Discovery
Select to delete the IPv4-Private-All-RFC1918
Click Yes to confirm
Object Management: Edit Network Discovery Policy
Select to Add a New Rule
Select the Users checkbox
Add the newly created HOME_NET variable to the right hand pane
Click Save
Configuration
Configure Passive Interface
Click the Deploy button at top right to push interface configuration to FTD
Click Deploy
Deployment Status
When the deployment completes, the interface status for the passive interface should turn green.
Confirm Traffic Flow to FTD
If events are not populating, verify that the interfaces are connected and enabled, and that the SPAN port or tap is functional.
Risk Reports
Risk Reports
Integrated into the FMC with 6.1 or later
Browse to Overview > Reporting
Select Report Templates
Generate Advanced Malware, Attacks, and Network Risk Reports
Risk Reports
Complete close-out meeting with customer
Focus on Win Criteria and differentiating value of Cisco Solution
Propose Bill of Materials
Submit Assessment for incentives through SIRE www.cisco-sire.com
Review Cisco Funded Network Assessment Post for more information: https://communities.cisco.com/docs/DOC-65405
Sanitize
Device Sanitization
End dCloud session, which will automatically delete the FMC VM and any customer information
Erase and reformat the FTD File System
FTD should not be powered off with a switch or by pulling a power cord. Disk corruption can occur, and can cause problems with deploying policies or upgrades later.