Cisco Firepower 1010 Basic Configuration - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Monday, August 29, 2022

Cisco Firepower 1010 Basic Configuration

 This post shows a basic configuration step for a HA setup of two Firepower 1010. 



FDM is a web-based, simplified, on-device manager. Because it is simplified, some FTD features are not supported using FDM. You should use FDM if you are only managing a small number of devices and don't need a multi-device manager. Note Both FDM and CDO can discover the configuration on the firewall, so you can use FDM and CDO to manage the same firewall. FMC is not compatible with other managers
  • Firepower Threat Defense(FTD)
  • Firepower Device Manager (FDM)
  • Firepower Management Center (FMC)
  • Cisco Defense Orchestrator (CDO)


Diagram





Port 1 = WAN Port (DHCP Client)
Port 2 -8 = LAN Ports - 192.168.175.x
Port 7-8 = PoE Ports

Mgmt Port = DHCP Client / Manual Assign

Default login: admin / Admin


FDM Configuration

  • Login to the FDM UI using the URL https://management-ip e.g https://192.168.10.24
  • Accept any certificate errors presented by the web browser
  • Enter the username of admin and the password you set previous

Configuration Overview


Pre-Configuration

Install the firewall. See the hardware installation guide.

Pre-Configuration

Review the Network Deployment.

Pre-Configuration

Cable the Device (6.5 and Later)

Cable the Device (6.4).

Pre-Configuration

Power On the Firewall.

CLI

(Optional) Check the Software and Install a New Version

CLI or Device Manager

Complete the Threat Defense Initial Configuration.

Management Center

Log Into the Management Center.

Cisco Commerce Workspace

Obtain Licenses for the Management Center: Buy feature licenses.

Smart Software Manager

Obtain Licenses for the Management Center: Generate a license token for the management center.

Management Center

Obtain Licenses for the Management Center: Register the management center with the Smart Licensing server.

Management Center

Register the Threat Defense with the Management Center

Management Center

Configure a Basic Security Policy








Basic Configuration


Cable Connections:





Interface configuration

- WAN (0/0)

- LAN (0/1)

- Others (0/2 - 0/6)

- Mgmt Interface
You can put Mgmt interface into a different network, or you can directly hook it up into your local LAN network.That is depending on your network architecture. 






Default Route configuration



Switchport Configuration



Vlan configuration

VLAN 1 is untagged on trunk ports as it is the default native vlan. 


Trunk configuration





HA Configuration


HA System Requirements

The 2 units in the HA must:

  • Be the same model
  • Have the same number and types of interfaces
  • Be in the same firewall mode (routed or transparent)
  • Have the same software version
  • Be in the same domain or group on the FMC
  • Have the same NTP configuration
  • Be fully deployed on the FMC with no uncommitted changes
  • Not have DHCP or PPPoE configuration in any of their interfaces
  • FTD devices in HA mush have the same license
  • HA configurations require two smart license entitlements; one for each device in the pair.

https://www.youtube.com/watch?v=HY_rHkaEq30


Cable Connections

Failover link: - 172.16.40.1/30  172.16.40.1.2/30

Stateful link:172.16.50.1/30 172.16.50.2/30



LED light will show which one is active (green) and which one is passive (amber)

No comments:

Post a Comment