Cisco CCNP Security 300-710 SNCF – Cisco NGFW Firepower Threat Defense (FTD) Part 2

January 23, 2023

24. Lecture-24:Configure and Setup Cisco FTD Lab for FMC Access.

We are done with the single (local) deployment. Now our target is the main one, where we will use FMC (Firepower Management Center) to control many devices from a centralized location. Inside, I will use a Linux Docker node; you can use Linux Tiny Core if you are using the Community edition of EVE-NG, which is free, and you can use Cisco Firepower 6.3, which requires less RAM and CPU, together with the matching version of Cisco Firepower FMC, even though I will use 6.7. For management access I will use the Management cloud; in your case you can use Cloud1 or the NAT cloud. My scenario is a bit different: this is the old file, for the inside subnet we will use 192.168.1.x, and our topology will look like this, which is a bit different. Let me start the devices, because it will take time. What do I need? I need one switch, so let me take this Cisco vIOS switch and change the name to SW; I need this switch for internal communication. Now I need some systems, but before that let me connect this device, because it takes time to boot up. We already know what needs to be connected; we also need to connect management here, so let me connect management as well.

Okay, so I connect the FTD management interface to the switch, and also the inside interface. For the inside interface we will use G0/1. We already know that 0/1 is for inside; it's fine either way, but it's better, so I connect 0/1 to inside. Now I need a cloud, so I go to Network. Here I will change the name to Internet and change the icon, since I'm on the Professional edition; in your case it can be Cloud. Let me take this global cloud. For the Internet I will use Cloud1; Cloud1 is my Internet access. I could use NAT as well if you are using the Professional edition. So I select Cloud1, and here is my Cloud1. Let me connect the 0/0 interface to outside; this is the Internet. Now this FMC is connected here for management. In the real world there would usually be VLANs created, but I don't need VLANs right now and I don't want to confuse you. So let me start this device, and start this device. These will boot up and then we will configure the rest. Now I need some inside devices. For one of them I will use Docker, because I'm using the Professional edition. In your case you can use this Linux Tiny Core node instead of Docker, which can run on the Community edition.

So here I will take the Docker server and call it PC1-D. I give it the name PC1, and D means it's the Docker node, so that I know I'm using Docker here. Let me change the icon, because later on it will be a server for us as well, so let me assign a server icon: go to Server and Linux Server. This Docker node can be used as a client and as a server; later in the course we will need it as a server. The second thing I need is Kali Linux. Later in the course we will use this Linux; right now I will use it as a client, but later on we will use it to do attacks. So I will use Kali Linux 2019. You can just copy and paste the images which I already shared and use them straight away. So this is PC2, and it should be PC2-L; let me give it capital PC2. This should be Kali, with the Kali Linux image if I have it; that will be better, otherwise we can use any other image. Let me look under Linux with L; there should be one. Yes, here is Kali, and Save. So right now this Kali Linux is the second system. For the third system I will use Windows, so let me put a Windows node. You can use Windows XP or Windows 7.

It's up to you; this will require less CPU and RAM, it's up to you. Let's take Windows 7 in my case. The third one I will call PC3-W, with W so that I know I'm using Windows. Let me give it this icon and Save. It's better to put this one here and this one in the middle so it looks better. Okay. Now, what else do I need? I need management to reach here, so I will add a Network again, but this time I will change the name to Mgmt (give it any name), and it's better to give it the desktop icon. The one I'm using to connect to my management is basically my WiFi router, so I will use this one to assign the same range to management. I assign this here, and done. Now the management part is done and I need the inside devices, so let's connect this one to the PC Docker, then Kali Linux, and then the second one, which is Docker, which we will use as a client right now and later on as a server. And what else do I need?

This one is the Windows PC. So my basic connectivity is done, which is what I need. Let me start this switch as well. Right now this Docker node is enough for us, and I will start Windows as well; Kali Linux I don't want to touch. Let me edit the style and change this to Flowchart and Save, and this one should be straight; we will do the same for this one, edit style, go to Flowchart. It should be a bit lower and laid out this way; you can select them, and, sorry, I made a small mistake, it should be this one and vertical. Okay, so these are the three systems. Let me change this one so that G0/0 is level with this one, and make this one look a bit better as well. Okay, it's done.

Now the IP scheme which I need. I already know which IP scheme we are using. By the way, I need one Docker node here as well, so let me put one more Docker node here: go to Node and type docker if you are using Professional, otherwise use the other one, Tiny Linux. Let me get this one, change it to Server (Linux) and call it External Server; we will need this later, so it's better to put it in right now. So this is our external server, somewhere in the Internet. Let me change this style as well, and put it here. By the way, I won't do these two devices yet, because they are Docker nodes and there is a different way to assign their IP addresses; but before that I need an IP scheme, so go to Text and let's type: inside 192.168.1.3. Let me change this to green and bold. Sorry, sometimes it takes a bit of time to catch them. Yes, here it is. So .1.3 is our Windows PC; duplicate it. PC1 is 192.168.1.1, and Kali Linux is 192.168.1.2. This is our internal subnet which I told you about in the lab. So these are the IPs inside, and then the management one.

So let's duplicate them. Inside, these devices are connected and I will assign the last IP, .254, to the gateway, so this is the gateway for these PCs. The management one is different, because this PC is connected for management purposes as well, and the management I'm using is in my WiFi subnet. My WiFi subnet is 192.168.100.x; in your case it can be something else. So I will give it 192.168.100.200, because maybe the first two or three IPs are used in my house; that's why I gave it .200. The management is in blue. Then we will assign the FMC, which is the management center, 192.168.100.210. And this is my management PC where I am now; maybe mine is 192.168.100.203, I don't know. So this side's IPs are done. We are using 192.168.1.x inside; this is our subnet. Now coming to outside. My outside subnet is 192.168.114.x.

In your case it can be something else. So let me go to 192.168.114.x. This is .1; this is the IP of this Internet node. And one of the systems which is on the Internet has IP 192.168.114.250, supposedly a very far away IP. So we assign this IP to this Docker node; maybe we will need it in the future. Now what about this exit (outside) interface? I can assign a static IP or get one through DHCP, but it's better now to assign a static IP rather than get one from the ISP. So let's do that. Here I will assign an IP. Suppose here as well,

.254, the last IP, the last usable IP. So that's the outside interface detail. Now coming to assigning IPs. First I need to go to Windows: IP address 192.168.1.3, subnet mask 255.255.255.0, and gateway 192.168.1.254. Docker I will assign a bit later. So let's do the Windows one. Let me go to the Windows PC; the password is Test123 by default when you install this Windows image, with T in uppercase. Now I'm in the inside PC3, which is a Windows PC, and I need to assign the .1.3 IP. Restart later; let's click on this one and go to change adapter settings, then the local area connection properties. Uncheck IPv6, click on IPv4. The IP which we decided: 192.168.1.3, gateway 192.168.1.254, and DNS 8.8.8.8; if you want a second one, 1.1.1.1. So this is my DNS and IP detail, and this PC is done with its IP address; for this purpose this PC is ready. But maybe I require another PC, so let's assign an IP to this Docker node. Assigning an IP to Docker is a bit different in the Professional edition; this is the way to assign it. PC1 is 192.168.1.1 by chance, but our gateway is not .100 this time, it's .254. This is the way to assign the IP, gateway and also DNS to Docker: when you are using the Professional edition you just need this script. So I copy the script, and what you need to do is go to Startup configuration, click on PC1 Docker, paste the script here, click the Save button, then click on this to turn it green and close. But I have the external one as well.

So let's go to Startup Configuration; there is the external server. Paste this one, but in that case it's 192.168.114.x: the IP is .250 and the gateway should be 192.168.114.254. Click Save, enable this one, and close. Let's check whether PC1 Docker got the IP address or not. That's the way to assign an IP to Docker in EVE-NG Professional. Click on this one, open, and Remote Desktop, and we're going to check the IP address. Click OK. Go to Applications > System Tools; there is MATE Terminal, and type ifconfig eth0, so you can see the IP address is this one. Let's ping the Windows PC, 192.168.1.3. It's pinging, so it's working. So our Docker is okay, and definitely this one will be okay too; I don't need that one right now. So this was the initial IP setup. The FMC which I'm using is 6.7 (build 84), the FTD which I'm using is 6.7 (build 85), and inside I'm using Windows, a Linux Docker node and Kali Linux. Our inside subnet is 192.168.1.x, the outside subnet is 192.168.114.x. The management subnet: this one in the diagram is wrong; right now we are using 192.168.100.x. The gateway in the diagram is .100, but right now we are using .254. I changed something,

okay? I already told you. So these things are a bit different. The FMC management IP is 192.168.100.210, the FTD management IP is 192.168.100.200, and the management PC is this one. This is our topology, but I made some changes to it. Here is our FTD, which we will configure and access from FMC rather than deploying it locally, which we already did. Now the scenario has changed if you are using this. The EVE-NG interfaces work with the clouds. Normally students are confused about the clouds and how they work. The easy way: right-click, Network, click a cloud, leave Bridge alone (Bridge is just good for nothing), and start from Management, Cloud1, Cloud2; connect them to the router and check with DHCP which range they are getting. This is the easy way to find out. So I was talking about how it works. Basically, let's start from here. Management means the first interface, this one; whatever you set as the first interface in your VMware, that one is the Management cloud (Cloud0). Then the second interface is Cloud1, the third interface is Cloud2, the fourth interface is Cloud3. It works like this. So if you are using your own Windows machine, put the RAM up to 12 GB and add an extra hard drive; you need to add the first interface, which means the Management cloud, and the second interface, Cloud1, like this. If you are using the Community edition, things work differently. Then Management means the NAT network which I'm using; you can also use the same. And for Cloud1 I use VMnet2. Here is the subnet which I'm using, if you want to do it like this: VMnet2, my range is 10.x, and VMnet8, my range is 192.168.114.x. So right now I'm also using the 192.168.114.x range. So what I did basically, in the Professional edition, no, if you have what is called, let me log in to show you, root. This is the password which was set by someone else. I'm using the same as what I was telling you. So what I did: if you are using the Community edition and ESXi, you need two different subnets, one for Internet and the other for your management, but it's difficult. So what I did, I installed pfSense. You can download a small file and import it as a virtual machine; I will show you the video in a different way, but just to show you: create and install this VMware appliance, this pfSense. What this pfSense does is give you an extra subnet.

Here it is. The first one, the WAN, gets .119 from my home subnet, and the other one, the LAN, is 192.168.114.x, and that's the gateway which we will use. So on 192.168.114.x they are giving me Internet, because you will need two separate things: one for management purposes, and management is 192.168.100.x. So then how will you get Internet, because you are already using the same subnet, your home subnet, for management? What about the Internet? So what I did: I'm using pfSense, even though in Professional you have a NAT cloud. This is a small tip for those who are using ESXi with the Community edition: you can install pfSense. I assigned two interfaces to it; if I go there, what I did is, the first interface is my home subnet and the second is outside, which is where this outside came from. After a vain struggle and so many things, what I found: if you go to Networking, I have created port groups for Outside, DMZ and Inside, and just changed the VLAN detail; just click here, nothing else, put VLAN 40, that's it, and create as many as you want. The only thing you need to do is enable promiscuous mode.

You need to accept promiscuous mode; I enabled it on the vSwitch as well, so I don't need to worry and it inherits from there. That's the only thing where I faced an issue as well. Initially, if you are not accepting it, it will not work, it will not ping, and you will say what the hell is wrong. So that's the other thing you need to remember. And the first time I was confused about how to distinguish different subnets; so then I created port groups, which is the easiest way. So you can use this one. I'm using this even though in the Professional edition there is a NAT cloud automatically. Maybe you are thinking, why not use the NAT cloud? But if you are using the Community edition these three things are not there: Internal, Private and NAT. You will see Bridge and then straight away Management, Cloud1, Cloud2; then you can use this tip. I will record a video for pfSense, how to use it and how to get Internet that way. Okay, so this is the lab setup. This is our topology, these are the subnets and these are the devices which we are using, but not these exactly; basically we are using updated devices. Okay, done. So next we will configure those devices one by one.
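Since the lecture does not show the Docker startup script it pastes in, here is an added example of my own (not the course's script) that checks the lab IP plan from this lecture and generates the startup lines for each Docker node. Assumptions: EVE-NG Pro Docker nodes run the startup configuration as a shell script at boot with iproute2 available; the interface name eth0 and writing /etc/resolv.conf with printf are my choices.

```python
"""Lab IP plan checker and Docker startup-config generator (added example).

The addresses are the ones used in the lecture; the checks and the generated
script are mine, not the course's script.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    address: str      # host address, e.g. "192.168.1.1"
    prefix: int       # prefix length of the host's subnet
    gateway: str      # default gateway the host should use
    dns: tuple = ("8.8.8.8", "1.1.1.1")


# Inside hosts and the external "internet" server from the lecture.
LAB_HOSTS = [
    Host("PC1-D", "192.168.1.1", 24, "192.168.1.254"),
    Host("PC2-L", "192.168.1.2", 24, "192.168.1.254"),
    Host("PC3-W", "192.168.1.3", 24, "192.168.1.254"),
    Host("External-Server", "192.168.114.250", 24, "192.168.114.254"),
]

# Management addresses from the lecture (FTD .200, FMC .210, home router .1).
MGMT_NET = ipaddress.ip_network("192.168.100.0/24")
MGMT_HOSTS = {"FTD": "192.168.100.200", "FMC": "192.168.100.210"}
MGMT_GATEWAY = "192.168.100.1"


def check_host(h: Host) -> list[str]:
    """Return the addressing problems for one host (empty list = OK)."""
    problems = []
    iface = ipaddress.ip_interface(f"{h.address}/{h.prefix}")
    net = iface.network
    gw = ipaddress.ip_address(h.gateway)
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{h.name}: {h.address} is the network or broadcast address")
    if gw not in net:
        problems.append(f"{h.name}: gateway {h.gateway} is not in {net}")
    if gw == iface.ip:
        problems.append(f"{h.name}: gateway equals the host address")
    return problems


def check_plan(hosts, mgmt_hosts, mgmt_net, mgmt_gateway) -> list[str]:
    """Validate every lab host plus the management addresses; return all problems."""
    problems = []
    seen = {}  # address -> first host that claimed it, for duplicate detection
    for h in hosts:
        problems += check_host(h)
        if h.address in seen:
            problems.append(f"duplicate address {h.address}: {seen[h.address]} and {h.name}")
        seen[h.address] = h.name
    for name, addr in mgmt_hosts.items():
        if ipaddress.ip_address(addr) not in mgmt_net:
            problems.append(f"{name}: management address {addr} is not in {mgmt_net}")
        if addr in seen:
            problems.append(f"duplicate address {addr}: {seen[addr]} and {name}")
        seen[addr] = name
    if ipaddress.ip_address(mgmt_gateway) not in mgmt_net:
        problems.append(f"management gateway {mgmt_gateway} is not in {mgmt_net}")
    return problems


def startup_script(h: Host) -> str:
    """Build the shell startup script for one Docker node.

    Assumption: the EVE-NG Pro Docker node runs this as a shell script at boot
    and has iproute2; eth0 and the resolv.conf handling are my choices.
    """
    resolv = "".join(f"nameserver {d}\\n" for d in h.dns)
    lines = [
        "#!/bin/sh",
        f"ip addr add {h.address}/{h.prefix} dev eth0",
        "ip link set eth0 up",
        f"ip route add default via {h.gateway}",
        f"printf '{resolv}' > /etc/resolv.conf",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    issues = check_plan(LAB_HOSTS, MGMT_HOSTS, MGMT_NET, MGMT_GATEWAY)
    print("plan OK" if not issues else "\n".join(issues))
    for host in LAB_HOSTS:
        print(f"--- {host.name} ---")
        print(startup_script(host))
```

Run it once before pasting anything into EVE-NG: a gateway outside the host's subnet or a reused address is exactly the kind of mistake that makes the PC1 ping to the Windows PC fail later for no obvious reason.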

25. Lecture-25:Firepower Threat Defense First Time Configuration.

We have this type of topology, which is this one. I want to configure FTD for the first time, but this time I will supply different answers than before, when we did it locally; this time it will come under FMC, so there will be slight changes. First you need to log into this device with admin / Admin123 (A in uppercase). Then we accept the End User License Agreement with yes, which we did there as well. Then I need to type the password, then the IP address manually; we will put the management IP, in our case 192.168.100.200, and we will put the hostname and DNS details. After that, here is the different part: this time, when asked to manage the device locally, I will say no. Then the second thing it will ask me is whether you want to deploy it in routed mode or transparent mode; if you say locally, there is no transparent mode. After that we will check our configuration with the command show network to check all our details, and then we will ping our gateway and maybe the Internet as well, to see whether it's working or not. So that's the way to configure FTD for the first time. Let's go to FTD, click on FTD, go to console and configure it for the first time: login admin. Maybe I can make the window bigger.

Can I? Yes. Okay, so the firewall login details are admin, password Admin123 with A in uppercase, the first-time default username and password. You see we are using 6.7 build 65, the KVM version. This is the End User License Agreement: press Enter, space bar, space bar, and keep going until you reach the end of the EULA, then type yes and Enter. This is the first-time configuration. Enter a new password: Abc@12345, Abc@12345. This is my new password, with A in uppercase. Okay, I confirm the password. Now it's asking: do you want to configure IPv4? Yes; yes is already selected. Do you want to configure IPv6? No is already selected. You can type either one or just press Enter. Manual is already there for the configuration type. Enter the IP: the default is 192.168.45.45; in our case we decided 192.168.100.200, and Enter. The subnet mask is similar. The gateway is different.

Our gateway is 192.168.100.1, which is my home router IP. Then it asks for the fully qualified domain name; I give it the name FTD. Then the DNS server; let's put 8.8.8.8. Then the domain name; I don't want to put a domain name. You can put any domain name; we will use one later, so we will reconfigure it. Now it's checking everything. Now it will ask me whether I want to configure it locally or through the FMC centralized location. Let's see what it's going to ask me. Yes: manage the device locally.

This time I say no. Manage the device locally? No. Then the second question it will ask me is in which mode you want to configure it, so I will say routed mode. Right now I need routed mode; later we will do transparent mode as well, just like on the Cisco ASA. So manage the device locally, I say no, keep in mind; I put no this time. And the second question should be routed mode or transparent mode. Let's check. It takes some time to show the next step. It says routed is already selected; I can type it or just press Enter, it's up to you. Now it's configuring the firewall mode, and the mode which we chose is routed mode. After a while it will show us the prompt; then we will use the ping command to test, and check the gateway and other things as well, to see whether they are reachable, just to make sure. It will take some time. Let's see, it will show us the prompt.

So this is the first-time configuration of FTD. The only thing we changed this time: when asked to manage the device locally, we said no. Then it asked the second question, and we said routed mode. These are the two different things when you want to deploy it. You can change any time from local management to FMC or back, so don't worry: if I deploy it locally and then I want to move it to FMC, no issue. You can register the sensor to a Firepower Management Center. Now it knows that I will work with Firepower Management Center, which we call FMC. So it shows us all the details, and says to register it; we will do the registration a bit later. That's the prompt; Ctrl+L to clear the screen, and show network. I made a mistake, show network configuration; show network is enough. Now show network shows the details: my DNS server is 8.8.8.8, the management port is 8304, the gateway is 192.168.100.1, the netmask, and so on. Everything is enabled, and it shows the details which we configured: 192.168.100.200, the management IP which we configured manually, and the gateway. Let's ping: ping system 192.168.100.1, my gateway. Yes, I can reach my gateway. And let's ping 8.8.8.8, because on this management network Internet is there; yes, I can reach DNS as well. And let's ping by name, to see whether DNS is working: ping system yahoo.com, or something like that. Yes, it's pinging and everything is okay. So that's the installation, the first-time configuration of FTD. Let me make it smaller and go back in case I missed something. We put in the details, we said no and then routed mode, then show network to check the details, and then we pinged the gateway and some other things. So this is the first-time configuration of FTD.
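As an added example (my own code, not from the course), here is a parser for the show network output the lecture reads off, plus a check of the management settings against the plan. The sample output is constructed by me in the layout I recall from FTD 6.x, so the section markers and field names are an assumption; the port check uses 8305, the TCP port the FTD uses to reach the FMC, which is my value.

```python
"""Parse FTD 'show network' output and sanity-check the management settings.

Added example; SAMPLE_SHOW_NETWORK is constructed by me in the layout I
recall from FTD 6.x (field names are an assumption, not from the lecture).
"""
import ipaddress
import re

SAMPLE_SHOW_NETWORK = """\
===============[ System Information ]===============
Hostname                  : FTD
DNS Servers               : 8.8.8.8
Management port           : 8305
IPv4 Default route
  Gateway                 : 192.168.100.1
IPv6 Default route
  Gateway                 : ::

======================[ br1 ]=======================
State                     : Enabled
Link                      : Up
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MTU                       : 1500
MAC Address               : 00:0C:29:AA:BB:CC
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 192.168.100.200
Netmask                   : 255.255.255.0
Broadcast                 : 192.168.100.255
----------------------[ IPv6 ]----------------------
Configuration             : Disabled
"""

# "=====[ name ]=====" or "-----[ name ]-----" section markers
SECTION_RE = re.compile(r"^[=-]*\[\s*(?P<name>[^\]]+?)\s*\][=-]*$")
# "key : value" (non-greedy key, so MAC addresses keep their colons)
KV_RE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_show_network(text: str) -> dict:
    """Return {section: {key: value}}.

    Interface IPv4/IPv6 sub-blocks are keyed '<interface>/IPv4' etc.  A line
    without a colon (e.g. 'IPv4 Default route') becomes a prefix for the
    indented keys that follow it, giving 'IPv4 Default route Gateway'.
    """
    sections, section, interface, prefix = {}, "Header", None, ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name")
            if name in ("IPv4", "IPv6") and interface:
                section = f"{interface}/{name}"
            else:
                interface = None if name == "System Information" else name
                section = name
            prefix = ""
            sections.setdefault(section, {})
            continue
        m = KV_RE.match(line)
        if m:
            if raw.startswith(" ") and prefix:
                key = f"{prefix} {m.group('key')}"
            else:
                prefix, key = "", m.group("key")
            sections.setdefault(section, {})[key] = m.group("value")
        else:
            prefix = line.strip()
    return sections


def verify_management(sections: dict, expected_ip: str, expected_gw: str,
                      interface: str = "br1") -> list[str]:
    """Compare the parsed management settings with the plan; return problems."""
    problems = []
    sysinfo = sections.get("System Information", {})
    v4 = sections.get(f"{interface}/IPv4", {})
    if v4.get("Configuration") != "Manual":
        problems.append("management IPv4 is not statically configured")
    addr, mask = v4.get("Address"), v4.get("Netmask")
    if addr != expected_ip:
        problems.append(f"management address is {addr}, expected {expected_ip}")
    gw = sysinfo.get("IPv4 Default route Gateway")
    if gw != expected_gw:
        problems.append(f"default gateway is {gw}, expected {expected_gw}")
    if addr and mask and gw:
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if ipaddress.ip_address(gw) not in net:
            problems.append(f"gateway {gw} is outside {net}; pings to it will fail")
    if not sysinfo.get("DNS Servers"):
        problems.append("no DNS server configured; ping by name will fail")
    if sysinfo.get("Management port") != "8305":
        problems.append("management port is not 8305 (my assumed FMC registration port)")
    return problems


if __name__ == "__main__":
    parsed = parse_show_network(SAMPLE_SHOW_NETWORK)
    print(parsed["br1/IPv4"])
    print(verify_management(parsed, "192.168.100.200", "192.168.100.1") or "management config OK")
```

Paste the real output into SAMPLE_SHOW_NETWORK (or feed it from a file) and the three pings in the lecture become one offline check of the same facts: address, gateway in the management subnet, and a DNS server present.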

26. Lecture-26:Firepower Management Center First Time Configuration.

Let's configure FMC (Firepower Management Center) for the first time. This is the topology which we are using, and I want to configure FMC for the first time; the management IP which we decided is 192.168.100.210. How can we configure it the first time? Again you need to log in with admin and the password Admin123, the same as for FTD. When you log in it will take you to another prompt. You can change that prompt with the command sudo configure-network, like a Linux command; you can use the same Linux commands here. It will ask you for the password and then take you to that prompt, and here you need to type the command configure-network. If you are at the dollar sign, it means you are a common user, so you need to use sudo; sudo means superuser do. This is the Linux command, and FMC is also based on Linux; that's why. Then we will put in the management IP, gateway, subnet mask, and no for IPv6, that's it, and it will be configured. So it's very easy compared to FTD. Let's do the first-time configuration. I'm here; let me make it full screen and type admin, on FMC this time, not FTD; keep in mind admin / Admin123, A in uppercase. It takes me to this prompt; sorry, a new FMC.

You see the version is 6.7; it takes you here. In the old version it will take you to another prompt, where you need to type expert. Expert mode we will discuss when we do the CLI. Now it says admin is the user, FMC is the name of this device, and the dollar sign means you're logged in as a common user; Linux shows you that. The tilde means the home directory; if you type pwd (print working directory) it will show you /Volume/home/admin. FMC is the device name, admin is the user, the tilde means you are in that directory, and the dollar means you are a common user. But I don't need the common user, because I will run every command with sudo. Sudo means superuser do in Linux. So what can I do, so that I don't have to type sudo all the time?

What you can do is type sudo su (superuser do, switch user), which switches my user, and Enter. Now it's asking for the password, Admin123. Now you can see that rather than a dollar sign there is a hash sign, or pound sign, which means you are logged in as the superuser, root, and you can see root there. I don't know how to show you guys here, but I'm root even though I'm admin, and now I have the power to run commands directly. It's up to you; I'm not saying you have to do this, but it will be easier for you, otherwise in Linux every command you run you have to type sudo, and every time you need to type the password to do the job. So I'm in expert mode the first time I log into FMC; pwd is a Linux command, print working directory, to show me where I am. sudo su takes me to root, the superuser, and now I'm here. The next command is configure-network. This is the command to configure FMC for the first time; it's not like FTD, which shows you everything directly. Enter. The first thing it asks is: do you wish to configure IPv4? Yes.

Then it asks what IP you want to give, so I say 192.168.100.210. What is the management netmask? 255.255.255.0. What is the gateway? 192.168.100.1. Are these settings correct? Yes, that's it. Do you wish to configure IPv6? No. So it's that easy; the only thing is that you need to type a command to configure FMC the first time, whereas FTD shows it directly. I typed the configure-network command. You can type this command directly at the prompt above, where the dollar sign is, but you need to type sudo and then configure-network, which I showed you here: sudo configure-network. It's up to you. It will ask you the password, Admin123, every time you run a command with sudo. So rather than typing that again and again, I said sudo su, take me to the powerful user, and then I typed the management IP, gateway, and no, that's it. And now it's configured.

Let's see whether it's configured or not. Yes, it's come up now; Ctrl+L, my details are configured, and let's ping. There is no system keyword here; you can ping directly: 192.168.100.1, which is my gateway. Yes, I can ping, and then .200, which is the FTD IP; yes, I can reach FTD as well. And let's ping 8.8.8.8; I can reach the DNS server, and let's ping yahoo.com or something like that so that I can check DNS is working. Yes, everything is working, and my FMC first-time setup is ready. Now, rather than the FTD first-time browser-based setup, which was local, I need to log into FMC: type the management IP. Let me zoom out this one: https://192.168.100.210. This is the FMC IP, Firepower Management Center, not FDM anymore. Type the username admin and the password Admin123; now I'm here. If you are doing it for the first time, maybe it will prompt you to change your password and so on, but in my case it did not ask me. Let's see if this one is already done or not; it's still running, so leave it. So now I'm in the Firepower Management Center, the management center from where I can configure, monitor, and deploy policy from a centralized location to FTD.

But right now we have only one FTD, this one. How will it control this one? Like Windows, when we join Active Directory, you need to join the FTD to the FMC, which is our next topic. Right now I put in the management IP and the password. Then it will ask you to change the password, which it did not ask me, because I'm using the old one. It will ask you to put in the details and so on, and to activate the license, a 90-day license, which is already activated. If I go to Configuration, or directly to Settings, there is Smart Licenses; it will ask you to activate this license, which is already activated. Then the summary dashboard, which I can see. So these are the FMC first-time configuration steps. The configuration was easy compared to FTD.
