Cisco CCNP Security 300-710 SNCF – Cisco NGFW Firepower Threat Defense (FTD) Part 3

January 23, 2023

Lecture 27: Activate Smart License Evaluation Mode in Cisco FMC

You need to activate the Smart License. The Smart License evaluation mode lets you use all the capabilities, such as file control, malware control, URL filtering and IPS, if you want to test them. So you need to activate the 90-day evaluation license, and if the 90 days are already used up, you can bring up a new one and use it again for 90 days. So how do you do it? When you log in to Firepower Management Center for the first time, it asks you to enable the 90-day license. In case you missed it, go to the settings gear icon, where there is a Smart Licenses entry. The Smart License evaluation is for 90 days, just so you can test everything. In my case it is already activated, otherwise there would be an Activate button. You can see it is in evaluation mode with 89 days left.

And these are the licenses which are not in use: the Smart License-based Malware, Threat and URL Filtering licenses, and AnyConnect, AnyConnect Plus and AnyConnect VPN. Nobody is using them right now because we don't have an FTD registered yet; this is only the Management Center. So these are the Smart License details: right now none of the devices is using these licenses. A bit later, when we register the FTD here, it will show one, one, one against them, and it will show you how many days are left. You can check it from here, and in case it is not enabled you can enable it from here, but right now it's already enabled. You can also go to System. Why? Because that is the old layout. If I switch to the old classic theme, here it says System; go to Licenses, and it should show Activated with 89 days and the details. That's why the screenshot shows something different: it was taken on the old layout. Right now we are using the new one, and you can go back any time, so I switch to the new light theme. Here it should say Evaluation Mode; enable it, type yes or click Yes, and it will enable and show you a state of 89 days, because one day is already deducted. So that's the way to activate it. This is very important, otherwise you will not be able to test anything.

Lecture 28: Register and Verify Cisco FTD Firewall to Cisco FMC

The next thing is how we can register the FTD to the FMC, the Cisco Firepower Management Center. The FMC is a centralized device from which we can configure, monitor and push policy to FTDs. It's like Active Directory: you join the system to the domain. That is what we do here, and the same thing is done with every FTD to join it to the FMC. How? First, go to the FTD; keep in mind I am in this FTD. You need to type the show managers command. It shows you whether any manager is configured for this device. It says no manager configured, meaning no one is managing this device centrally. Then type configure manager followed by a question mark; the options are add, delete, edit and local. You can go back to local management any time. Right now there is no manager configured, so I type add. Next it asks me for the hostname or IP address of the FMC, so I type 192.168.100.210, which is my FMC IP. Keep in mind, this is the FMC IP.

It asks you for a registration key, so I say cisco; you can give anything, like abc123, whatever, and press Enter. This is the way to register the FTD with the FMC, so from the FTD side my job is done: configure manager add, the management IP of the FMC, and the registration key cisco. Let's check. After it's done, I type show managers again. It says the manager was configured successfully, but registration is not done yet, and it tells me that I can now take this registration key, which is cisco, and add this device to the FMC; it's guiding me automatically. So show managers says pending, because we haven't done the FMC side yet: 192.168.100.210, registration key cisco, registration pending. Let's close this and go to the FMC to complete the task. In the FMC, when you log in, there is a Devices tab. Click Devices, then Device Management. When you come to Device Management, nothing is configured there. Click the Add button and click Device.

Here is the IP address of the FTD. Let me copy it and type this IP here. Type the device name; I will give it FTD. Then the registration key which we typed there, cisco; that key has to be the same. Group: I don't need one because I have only one FTD; if you have many, you can create a group. Then an access control policy is required; again, we will do it later. So let's create a new access control policy, ACP Policy. I give it this name and, if you want, a description; the base policy is none, and I want to block all traffic. Click OK. Don't worry, we will do access control policy in detail, but when you want to register a device, it asks you to assign an access control policy. The Smart License we already activated, and it was showing us zero, zero. Now I want to apply the Malware, Threat and URL licenses to this FTD, and click Register. It will take time. In the meantime, this device is sending traffic to the FMC. By the way, let me show you their traffic, if I can capture it quickly with Wireshark. Let's go to Docker and start Wireshark. I don't know why I missed showing this; it's not required, and we will do it later when we do troubleshooting. But anyway, if it is there I can show you. Let me start it and capture this link; it's better to capture this one.

Sorry, right-click and capture Management 1 in Wireshark. Sorry, I need to start the capture; why is it not showing here? There is traffic going on but I want to capture it. There is a way, I forgot how; it should show the capture directly in the Wireshark Docker container. It's not important, I just want to show you that they are sending traffic right now while they are still working on the registration. Let's see, my Wireshark is running from here, on Ethernet 1 I think, so I need to enable that. And that's the thing I need to show you; now let's see it open in Wireshark. Now you will see there is traffic between the FTD and the FMC going on. Let's see if it can show us the port over which they exchange the information. For some reason it's not showing me the traffic which is going on. They are sending the details to this FMC, but anyway, for some reason it's not showing.

So it's not an issue; I thought I would show you. Let me remove this Wireshark from here. You can use this Docker container to capture the packets, otherwise you can do it directly as well. Let me refresh this topology so it becomes straight. It's still pending. Now it says FTD 100.200, which is this device, routed mode, version 6.7, and the licenses are now Base, Threat and Malware. Let me show you: if I go to Smart Licenses, before it was showing zero; now you see the Base license is at 1 with the FTD, Malware is at 1, Threat is at 1 and URL is at 1, all with the same FTD. So you get my point. Let me go to Devices, Device Management. We registered the device with no error; it's showing green, which means everything is okay. The model is FTD KVM, then the version, the Smart Licenses, and the access control policy, which is still none. Let's go back and check whether I missed something. Let's check show managers. Before it was showing pending; now it shows completed, so it's registered with the FMC. So you get what I'm saying? How to bring them under the FMC: we run configure manager add with the key cisco (you can use any key), then we go to the FMC, Devices, and add a device.

We create a policy with any name, type the IP address of the FTD, enable the Smart Licenses and click Register. It takes some time, and after a while the task list shows a green tick, which means everything is okay. When we go back to the FTD we can check with show managers that everything is okay. This is the way to integrate and register an FTD with the FMC. If your organization has many, you do the same thing: go to every FTD, configure manager add, type the FMC IP 192.168.100.210 and any key like cisco, then go to the FMC and register all the devices the same way. It will show you all the devices here. Keep in mind, right now we have only one, but it can be 10, 20 or 100. All of them you have to register the first time in the same way to bring them under the FMC. So that's the registration.
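As an added example that is not part of the lecture and not Cisco's own tooling: when many FTDs are registered the way the lecture describes, the natural check is to collect the output of show managers from each device and flag those whose registration is still pending, missing, or pointing at the wrong FMC. The Python below does that over constructed sample outputs; the line layout (Host / Registration lines) is an assumption modelled on what the lecture describes, so adjust the parser if your platform prints the fields differently.

```python
"""Parse `show managers` output from FTD devices and report which ones have
not completed registration with the expected FMC.

ASSUMPTION: the sample outputs below are constructed to resemble the
"Registration: pending/Completed" lines the lecture describes; real devices
may print more fields or different spacing."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: FTD side done, FMC side not yet (what the lecture shows first).
PENDING_OUTPUT = """\
Host                      : 192.168.100.210
Registration Key          : ****
Registration              : pending
RPC Status                :
"""

# Constructed sample: after the FMC finished registering the device.
COMPLETED_OUTPUT = """\
Type                      : Manager
Host                      : 192.168.100.210
Registration              : Completed
"""

# Constructed sample: `configure manager add` was never run on this device.
NO_MANAGER_OUTPUT = "No managers configured.\n"

# "Key   : value" lines; keys are words possibly separated by spaces.
KV_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")


@dataclass
class ManagerStatus:
    host: Optional[str]          # FMC hostname/IP, None when no manager is set
    registration: Optional[str]  # registration state, lower-cased

    @property
    def registered(self) -> bool:
        return self.registration == "completed"


def parse_show_managers(output: str) -> ManagerStatus:
    """Turn the key/value lines of `show managers` into a ManagerStatus."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        m = KV_LINE.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2)
    return ManagerStatus(
        host=fields.get("host") or None,
        registration=(fields.get("registration") or "").lower() or None,
    )


def unregistered_devices(outputs: Dict[str, str], expected_fmc: str) -> List[str]:
    """Names of devices whose manager is missing, is not `expected_fmc`,
    or whose registration has not completed."""
    bad = []
    for device, text in outputs.items():
        status = parse_show_managers(text)
        if status.host != expected_fmc or not status.registered:
            bad.append(device)
    return sorted(bad)


if __name__ == "__main__":
    # Constructed fleet: in practice these strings come from each device's CLI.
    fleet = {"ftd-1": COMPLETED_OUTPUT, "ftd-2": PENDING_OUTPUT, "ftd-3": NO_MANAGER_OUTPUT}
    for name in unregistered_devices(fleet, "192.168.100.210"):
        print(f"{name}: not registered with 192.168.100.210 yet")
```

Checking the host as well as the state matters: a device registered to a different FMC reports "Completed" but is not under the management server you expect.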

Lecture 29: Cisco FTD Initial Working Lab Using the Cisco FMC

Let's do the initial working lab. This is our topology: we have a few systems inside, we are connected to the outside, we registered the FTD to the FMC and configured the management details, so everything is ready. But do you think this PC can go out? No, because apart from management, nothing on the FTD is configured yet. If I look at the interfaces, they are not configured. We have two interfaces, so if I run show interface ip brief, just like on an ASA, it shows the interfaces are not configured; after a while it shows they are shut down. If I run show route, there is no route either; only management is configured. If I check the access control policy, nothing is configured. Nothing is configured because we will do all of this configuration from the FMC. That's why let's do an initial working lab. This is our topology and these are our details, which we already know.

So from here we can start the initial working lab. I just want things working so that I can ping from PC1 to the internet. What do I need to do? I need to configure the FTD, and we will do every step in detail later, but right now I want the things to start working, so I need something basic to show you. So let's start. First I need to create a few objects; again, we will do objects in detail. An object is a container. I need an object for PC1 (PC3 in my case) and an object for 192.168.114.1, because everything on this device works with objects. So I need these two objects. Then I need inside and outside zones, just like on a Cisco ASA firewall. On the diagram, I label the inside in green, increase the font size to 16, and give it a distinct color; this is my inside, which we already know, so I need an object for inside. Then I duplicate the label, call it outside, and change the color to red.

So I need two zones, inside and outside. I need an object for the internet gateway, an object for PC1 and an object for the entire LAN. Let's create the objects. I am in Firepower Management Center; these objects will help us, that's why I want to create them. Go to Objects, Object Management. I need a few objects; you can create them directly from the policy, but it's better to come here. I'm on the Object tab. There are some default objects like any, any-ipv4 and many more, but I want to create mine. Click Add Object. I give it the name PC3, my Windows PC which we will test with. PC3 has IP 192.168.1.3. It's better to put the IP in the object name so we can identify it. This is a host, so copy the IP and paste it here; you can type /32 as well, and you can tab past Host and save. So my first object is done, PC3 IP, which I will need later in the configuration. Now Add Object again. I need the LAN subnet, the inside subnet: inside_subnet_192.168.1.0_24, give it a name like this, it's better. Click Network, enter 192.168.1.0/24 and save. So the inside subnet is done.

So I create two objects, one for the PC and one for the whole subnet; I will need both later and I will show you right away. Then I need the ISP IP. Add Object again and type ISP_IP_192.168.114.1. Why am I putting the IP in the name? So that we know which object this is, for understanding purposes; otherwise the name can be anything. So these objects are done, which I needed at least. Now I need objects for inside and outside. For that I go to Interface objects. There are two already; if they are not there, I will create them. You can give them any name. So my objects are done: a network for the LAN subnet, one for the PC (one in this case) and one for the ISP. Then I need two zones, which are already there. If they are not, I will create them. Let me delete them so I can show you how to create them.

Click Add and Security Zone. The first zone name is inside_zone. The security zone type is routed, because we are in routed mode. This is our FTD, which we will assign these zones to; click on this FTD. It's okay: inside, routed, because I don't have interfaces yet. Click Save. So I created one inside zone. Let's create one more zone, which I need for outside: outside_zone, interface type routed, and click Save. So the zones are done. These are the objects which I need for the zones. A zone is nothing but a way to combine interfaces, and it is just a name; it's not like the Cisco ASA with high and low security levels, there is no such concept here. Now I need to configure the FTD interfaces, because in this FTD I have two interfaces: GigabitEthernet0/1 is inside with 192.168.1.254, and GigabitEthernet0/0 is the outside interface. But do you think I need to configure them here on the FTD? No, from the FMC.

So I am already in the FMC. Go to Devices, Device Management, and the FTD is this one; click the pencil icon. Forget the rest, we will discuss all these details later. GigabitEthernet0/1 is the inside one, so click its pencil icon. Give it the name inside; this is the interface name, not the zone name which we created. Enabled means no shutdown. No need for a mode right now. Security zone: that's why I created those, they are showing here, so I select inside_zone. MTU is the default one. IPv4 is static; this is the IP with /24, 192.168.1.254, this is the interface I'm configuring. I don't need IPv6 or the advanced configuration; click OK. So my inside interface is done. Let's do the same for GigabitEthernet0/0, which is outside. For outside we decided on the IP ending in .254. Go to the GigabitEthernet0/0 interface, give it the name outside, enable the interface (no shutdown), security zone outside_zone, go to IPv4, static IP, put /24 as the subnet mask, and OK. So my two interfaces are done.

Now you need to save these changes. Save stores them temporarily; they are not pushed to the FTD. Keep in mind, if I go to the FTD, they are not applied straight away; the interfaces will still be shut down. Let me run show interface ip brief: still no IPs. Why? Because it is still in the FMC; I did not push it yet. To push, we have two changes. Click Deploy, Deployment, to push this to the FTD. I have only one FTD; select it and click Deploy. Let them start deploying, and we will make some other changes meanwhile. So I configured the interfaces. Next I need to configure a static route to route the traffic from here to the internet; that's why I created the object for 192.168.114.1.

So let's go and create the default route. The deployment will continue in the background, don't worry. Go to Devices, Device Management. You can push everything at once or step by step. Click on this FTD again, and there is a Routing tab. There are many types of routing which we will do later in the course; right now I need a static route so I can push all the traffic to the ISP. Click Add Route. The interface is the outside interface, which we named outside. Available networks: any-ipv4, which is 0.0.0.0/0, a default object, meaning any sort of traffic. The gateway is the ISP object, which is why I created it; that's my gateway 192.168.114.1. So anything goes to this IP, with metric 1, and OK. My default route is configured: any IP is pushed out the outside interface to this gateway. Save.

So now everything is saved. The interfaces will be there after the deployment, but the route is not pushed yet. Let's see if the deployment is done; then you will see the IP addresses and up/up. It's still going on; about one more minute is required to at least push the interface details. I have now configured the default route as well, and we will push that too. Next I need a NAT policy so that when inside PCs go outside, the FTD does NAT. Again, NAT we will do in detail; the NAT concepts are the same as on the Cisco ASA. Go to Devices, NAT. It asks which type: Threat Defense NAT, leave it as that; we will discuss it. Give it a name, NAT Policy, select the FTD (we have only one device; if you have many, it will show them) and Save. I just created the policy; I did not create the rule yet. We will discuss NAT rules before and after, and auto NAT, which we already discussed for the ASA if you remember. But anyway, let me create a rule; right now we are just doing the initial working lab.

I choose Auto NAT, which is easy, and Dynamic, and I say: if traffic is going from inside to outside, translate my LAN object (that's why I created the inside subnet, 192.168.1.0/24) to the outside interface, meaning PAT; I'm configuring PAT. Click OK, so NAT is done, and Save. Let's deploy after the previous deployment finishes. At least now the interface IPs should be there: you see the inside interface is up, before it was not up, but the route is not there yet; show route confirms there are interfaces but no static route. Let me push those two things which I just configured, the NAT and the default route; until then it will not work, and we will make some other changes too. Basically I configure everything here and push it. If I had another FTD, I would configure it there and push to it as well, later on with Deploy. So NAT is required so that internal PCs can go outside. Done: I chose Auto NAT, dynamic, inside subnet to outside, translated to the interface address, and deployed.

Next I need to create a policy. The traffic is going from inside to outside, so I need to allow it. Go to the FMC again, Policies, Access Control, Access Control Policy; it's like the ACL on the Cisco ASA. Is traffic from inside to outside allowed by default? No, here you need to create a policy. Click the pencil icon and let's create a rule to allow the traffic. Click Add Rule and give it a name, suppose Allow_All, with action Allow. Again, we will do all of this in detail, don't worry, including where to put the rule. Zones: from inside to outside. Network: my LAN subnet; outside it can go anywhere. VLAN I'm not using, users I don't have, application can be anything, port can be anything, URL can be anything. There is no inspection; I don't want an intrusion policy, but I want logging so I can see the logs. No comments. Add the rule. So basically I allowed everything from inside to outside, and save the changes. Done.

So I created a rule allowing my LAN subnet to go anywhere outside, with logging enabled, and saved the settings. But I did not deploy yet. This is the last thing required, so let's deploy. Click Deploy; deploy means to push. Whatever I've done here is temporary until I push it. Select this FTD and deploy. Before, no route was showing on the FTD; now I deploy the route as well. Let's check: nothing yet, only the connected routes. Check again: now there is a default route, S* meaning someone from the FMC configured a default static route and pushed it to me. Then show access-list: no access list configured yet, because it's pushing now; after a while it will be there. It's at 37%. The last thing to check is my PC. We already configured the IP 192.168.1.3, in my case, or on the Docker PC, together with 8.8.8.8. Now I will test and then verify in the FMC. You can monitor the FTD from the FMC, configure the FTD from the FMC and check the logs in the FMC, but everything actually runs in the FTD. So you get the idea of how it works. We will verify the traffic and the dashboard, but right now we are waiting for the deployment.
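The lecture builds the lab by clicking through the FMC GUI. As an added example that is not from the lecture and not Cisco's own code, the Python below creates the same pieces (the host and network objects, the two routed security zones, an access control policy with a blocking default action and one inside-to-outside allow rule for the LAN subnet, and a NAT policy with a dynamic auto NAT/PAT rule) through the FMC REST API, in the dependency order the GUI hides. The endpoint paths, the token headers and the JSON field names are assumptions from my own knowledge of the FMC API, not from the lecture; check them against the API Explorer on your FMC before relying on them. Assigning the policies to the device, the interface addressing and the static route are left to the GUI as in the lecture, and nothing here deploys: as the lecture stresses, changes sit in the FMC until you click Deploy.

```python
"""Create the lecture's initial-lab objects and policies via the FMC REST API.

ASSUMPTIONS (not from the lecture): token endpoint
/api/fmc_platform/v1/auth/generatetoken with X-auth-access-token and
DOMAIN_UUID response headers; object/policy paths under
/api/fmc_config/v1/domain/<uuid>/; the JSON fields below.
The addresses and names are the lecture's lab values."""
import json
import ssl
import urllib.request
from base64 import b64encode
from typing import Callable, Dict, List, Tuple

Post = Callable[[str, dict], dict]   # (path, body) -> JSON response carrying an "id"


def ref(obj: dict) -> dict:
    """Reduce a created object to the {type, id, name} reference later calls expect."""
    return {"type": obj["type"], "id": obj["id"], "name": obj["name"]}


def build_initial_lab(post: Post) -> Dict[str, dict]:
    """Create objects and policies in dependency order; return them keyed by role."""
    c: Dict[str, dict] = {}
    c["pc3"] = post("/object/hosts", {"name": "PC3_192.168.1.3", "type": "Host",
                                      "value": "192.168.1.3"})
    c["lan"] = post("/object/networks", {"name": "inside_subnet_192.168.1.0_24",
                                         "type": "Network", "value": "192.168.1.0/24"})
    c["isp"] = post("/object/hosts", {"name": "ISP_IP_192.168.114.1", "type": "Host",
                                      "value": "192.168.114.1"})
    for zone in ("inside_zone", "outside_zone"):
        c[zone] = post("/object/securityzones",
                       {"name": zone, "type": "SecurityZone", "interfaceMode": "ROUTED"})
    # Policy default action: block, as chosen when the device was registered.
    c["acp"] = post("/policy/accesspolicies", {"name": "ACP Policy", "type": "AccessPolicy",
                                               "defaultAction": {"action": "BLOCK"}})
    # The one rule: LAN subnet, inside zone -> outside zone, allow, log at end of connection.
    c["allow_rule"] = post(f"/policy/accesspolicies/{c['acp']['id']}/accessrules",
                           {"name": "Allow_All", "type": "AccessRule", "action": "ALLOW",
                            "enabled": True,
                            "sourceZones": {"objects": [ref(c["inside_zone"])]},
                            "destinationZones": {"objects": [ref(c["outside_zone"])]},
                            "sourceNetworks": {"objects": [ref(c["lan"])]},
                            "logBegin": False, "logEnd": True, "sendEventsToFMC": True})
    c["nat"] = post("/policy/ftdnatpolicies", {"name": "NAT Policy", "type": "FTDNatPolicy"})
    # Dynamic auto NAT of the LAN to the outside interface address (PAT).
    c["pat_rule"] = post(f"/policy/ftdnatpolicies/{c['nat']['id']}/autonatrules",
                         {"type": "FTDAutoNatRule", "natType": "DYNAMIC",
                          "originalNetwork": ref(c["lan"]),
                          "interfaceInTranslatedNetwork": True,
                          "sourceInterface": ref(c["inside_zone"]),
                          "destinationInterface": ref(c["outside_zone"])})
    return c


def fmc_poster(host: str, user: str, password: str, verify_tls: bool = True) -> Post:
    """Real `post` bound to an FMC: authenticates once, then POSTs JSON bodies."""
    ctx = ssl.create_default_context()
    if not verify_tls:                   # only for a lab FMC with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    auth = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{host}/api/fmc_platform/v1/auth/generatetoken",
                                 method="POST", headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        token, domain = resp.headers["X-auth-access-token"], resp.headers["DOMAIN_UUID"]

    def post(path: str, body: dict) -> dict:
        url = f"https://{host}/api/fmc_config/v1/domain/{domain}{path}"
        r = urllib.request.Request(url, method="POST", data=json.dumps(body).encode(),
                                   headers={"X-auth-access-token": token,
                                            "Content-Type": "application/json"})
        with urllib.request.urlopen(r, context=ctx) as resp:
            return json.load(resp)
    return post


def recording_poster(calls: List[Tuple[str, dict]]) -> Post:
    """Offline stand-in for fmc_poster: records each call and returns it with a fake id."""
    def post(path: str, body: dict) -> dict:
        calls.append((path, body))
        return {**body, "id": f"fake-id-{len(calls)}"}
    return post


if __name__ == "__main__":
    calls: List[Tuple[str, dict]] = []
    build_initial_lab(recording_poster(calls))   # dry run; use fmc_poster(...) for a real FMC
    for path, body in calls:
        print(path, body.get("name", body["type"]))
```

Separating the payload sequence from the transport is what makes the dry run possible: run it with recording_poster to review exactly what would be created, then swap in fmc_poster against the FMC once the order and references look right.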

It's 57% done; when it's done, I can check the traffic from inside. Let me go to this PC and log in. Right now traffic will not work. If I ping my gateway 192.168.1.254, I can ping it, but I don't think outside traffic will be allowed yet. If I ping 8.8.8.8, it's not working, because the policy that allows it is still deploying, 83%. Let me start a continuous ping; it will start working if everything I configured is correct. You see, now it started working because the deployment completed, and now google.com and everything should work from the internal PC. Let me go to cisco.com and facebook.com; I hope it works now. You can see it's going to Cisco, and let's see whether it reaches facebook.com; even though ping is okay, the internet will be a bit slow. Yeah, it's okay; from the internal PC the traffic is a bit slow, but it gets to Facebook. How can we verify? Go to Analysis, Events, and show me the events going through the FTD. Here is my internal PC 192.168.1.3 going from the inside zone to the outside zone, destination port 443. We also went to 8.8.8.8, which should be here: allowed, PC .1.3 to 8.8.8.8, and the DNS traffic. Every detail is mentioned: the device (the FTD), the application they used, source port, destination port, ingress interface, egress interface, responder country; everything is there, and you can see the log in table view as well. After a while it will populate the dashboard too.
If you go to Overview, it shows you applications; right now not yet because it takes time: top servers, top systems, top applications, business relevance and all those things, and geolocation details as well, for example we went to the USA. Right now I need the network dashboard, but it takes time because this is a simulation and displaying the data takes a while. Let me ping again and see whether it shows something. Let me go to Network; it still takes time to show up, but it will show you the graphs and everything, whatever we used, Facebook and all those details. And I showed you these connection logs as well. So this was the initial working lab. It's okay.
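The Connection Events the lecture reads in Analysis > Events are also available as FTD syslog messages (message ID 430003, key/value pairs), which is how they reach a SIEM. As an added example, not from the lecture, the Python below parses a few constructed 430003 lines matching the lab traffic (PC3 to 8.8.8.8 and to a web server), counts flows per access control rule and action, lists what the policy's default action blocked, and flags inside-zone sources that are not in the LAN subnet the allow rule covers. The field names follow Cisco's 430003 layout; the addresses, UUID and the exact set of fields are constructed for this example, and real messages carry more fields.

```python
"""Summarise FTD connection-event syslog (message 430003) for the lab policy.

ASSUMPTION: the sample lines are constructed; the 430003 key/value layout is
Cisco's, but real events include additional fields and a device-specific UUID."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Tuple

UUID = "00000000-0000-0000-0000-000000000001"   # constructed placeholder DeviceUUID

# Constructed sample events from the lab FTD (not real captures).
SAMPLE_LOGS = [
    # PC3 -> 8.8.8.8 DNS, allowed by the lecture's rule
    f"<134>Jan 23 2023 10:15:01 ftd-1 %FTD-6-430003: EventPriority: Low, DeviceUUID: {UUID}, "
    "ConnectionID: 101, AccessControlRuleAction: Allow, SrcIP: 192.168.1.3, DstIP: 8.8.8.8, "
    "SrcPort: 53244, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, "
    "IngressZone: inside_zone, EgressZone: outside_zone, ACPolicy: ACP Policy, "
    "AccessControlRuleName: Allow_All, Client: DNS",
    # PC3 -> a web server over HTTPS, allowed
    f"<134>Jan 23 2023 10:15:04 ftd-1 %FTD-6-430003: EventPriority: Low, DeviceUUID: {UUID}, "
    "ConnectionID: 102, AccessControlRuleAction: Allow, SrcIP: 192.168.1.3, DstIP: 203.0.113.10, "
    "SrcPort: 50112, DstPort: 443, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, "
    "IngressZone: inside_zone, EgressZone: outside_zone, ACPolicy: ACP Policy, "
    "AccessControlRuleName: Allow_All, Client: SSL client",
    # A host on the inside link with an address outside 192.168.1.0/24 hits the default action
    f"<134>Jan 23 2023 10:15:09 ftd-1 %FTD-6-430003: EventPriority: Low, DeviceUUID: {UUID}, "
    "ConnectionID: 103, AccessControlRuleAction: Block, SrcIP: 10.10.10.5, DstIP: 203.0.113.10, "
    "SrcPort: 40001, DstPort: 443, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, "
    "IngressZone: inside_zone, EgressZone: outside_zone, ACPolicy: ACP Policy, "
    "AccessControlRuleName: Default Action",
]

MSG_ID = re.compile(r"%FTD-\d-(\d{6}): (.*)$")
FIELD = re.compile(r"(\w+): ([^,]*)(?:, |$)")


def parse_event(line: str) -> Dict[str, str]:
    """Fields of a 430003 connection event, or {} for any other syslog message."""
    m = MSG_ID.search(line)
    if not m or m.group(1) != "430003":
        return {}
    return {k: v.strip() for k, v in FIELD.findall(m.group(2))}


def summarise_by_rule(lines: List[str]) -> Counter:
    """Count connection events per (rule name, action)."""
    counts: Counter = Counter()
    for ev in map(parse_event, lines):
        if ev:
            counts[(ev.get("AccessControlRuleName", "?"),
                    ev.get("AccessControlRuleAction", "?"))] += 1
    return counts


def blocked_flows(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(SrcIP, DstIP, DstPort) of every connection the policy blocked."""
    return [(ev["SrcIP"], ev["DstIP"], ev["DstPort"]) for ev in map(parse_event, lines)
            if ev and ev.get("AccessControlRuleAction") == "Block"]


def off_subnet_sources(lines: List[str], lan: str, zone: str = "inside_zone") -> List[str]:
    """Sources seen entering `zone` whose address is not inside the LAN object."""
    net = ipaddress.ip_network(lan)
    return sorted({ev["SrcIP"] for ev in map(parse_event, lines)
                   if ev and ev.get("IngressZone") == zone
                   and ipaddress.ip_address(ev["SrcIP"]) not in net})


if __name__ == "__main__":
    for (rule, action), n in summarise_by_rule(SAMPLE_LOGS).items():
        print(f"{rule} / {action}: {n}")
    print("blocked:", blocked_flows(SAMPLE_LOGS))
    print("inside sources outside the LAN object:",
          off_subnet_sources(SAMPLE_LOGS, "192.168.1.0/24"))
```

The last check is the one worth keeping after the lab: because the allow rule matches on the inside subnet object rather than on the zone alone, anything entering the inside zone from an unexpected address lands on the default action, and the 430003 events are where that shows up.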

This was just to see how it works. We created a policy, a NAT rule and a default route just to test. Now from tomorrow we will do everything one by one in more detail: access control policy in more detail, objects in more detail, routing in more detail. This was just to check how it is working. Let's see if the dashboard is still not there; it will take some time anyway, but we can see the logs from Analysis, Events, and check the event logs from here. It's showing you the countries, such as the USA, and all those details. So this was the first working lab: we have internal systems, external systems, then the FTD; we registered it in the FMC, then from the FMC we do the configuration and push it to the FTD. This is how it works, and we can monitor the device from here as well.
