11/30/2021, Tuesday

Add Firepower to FMC


In this post, we will show you how to add Cisco Firepower Management Center to EVE-NG with ease. Cisco FMC is used to manage Cisco FTD and is one of the best tools available on the market. You can create your own lab for training, self-practice, and testing. In CCIE Security v6, Cisco FMC will be used in the lab, and EVE-NG has made our task easy: you can prepare and practice the complete CCIE lab in EVE-NG.

To add Cisco Firepower Management Center (FMC) to EVE-NG, follow the steps below:

1. Download the Cisco FTD image (Cisco website or alternate link).
2. Create a directory for Cisco FMC.
3. Copy the file and upload the image to EVE-NG using FileZilla or WinSCP.
4. Fix the permissions and enjoy.

To get unlimited and preloaded access to Eve-ng Images you can subscribe on Lab4Work


If you are downloading from Cisco, follow the steps below; the same steps can be used for other Cisco FMC versions. If you are using the alternate link to download the file, just upload the file to the qemu folder and reset the permissions.

Add Cisco Firepower 2110 to FMC

For instance, say you have a Firepower 2130 appliance and you don't want to use FMC. In that case you can set up the Firepower appliance to be managed locally, which means using FDM. FDM has limited features compared to FMC; however, it is still a good choice. It all depends on your requirements.

ASA 5505-X / 5508-X Setup FirePOWER Services (for ASDM): if you have more than one, you can manage them centrally with the FirePOWER Management Center (formerly SourceFIRE Defence Center).

WARNING: If you are going to use FMC, DON'T register your licences in ASDM; they all need to be registered in the FMC.

FMC 101v2: A Network Administrators Perspective. For more information, visit https://www.cisco.com/c/en/us/products/security/firepower-management-center/inde.

Add a Static Route to the FirePOWER Management Console

To do the same on an FMC appliance: System > Configuration > Management Interface > IPv4 Routes > Add. To do the same from the command line on the appliance, use the following commands.

SSH to EVE and log in as root, then from the CLI create a working directory in EVE's qemu folder:

Upload the downloaded Cisco Firepower Management Center image, hda.qcow2, to /opt/unetlab/addons/qemu/firepower6-FMC-6.4.0-113 using FileZilla or WinSCP.

Save the configuration by fixing the permissions using the following command:

Go to your EVE-NG, add an FMC node, and start it.
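
The directory, upload and permission steps above as one script, with a checksum and qcow2-format check in front of the copy. This is an added example, not code from the original post; the function name, the overridable EVE_QEMU_ROOT and FIXPERM variables and the SHA-512 argument are assumptions, and `unl_wrapper -a fixpermissions` is EVE-NG's own permission-fix command.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): checksum-gated install of an
# FMC qcow2 disk on an EVE-NG host. Both paths can be overridden for a dry run.
EVE_QEMU_ROOT="${EVE_QEMU_ROOT:-/opt/unetlab/addons/qemu}"
FIXPERM="${FIXPERM:-/opt/unetlab/wrappers/unl_wrapper}"

# install_fmc_image <image.qcow2> <expected-sha512> [node-dir]
install_fmc_image() {
    local src="$1" expected="$2" node="${3:-firepower6-FMC-6.4.0-113}"
    local dest="$EVE_QEMU_ROOT/$node" actual magic

    [ -f "$src" ] || { echo "image not found: $src" >&2; return 2; }

    # 1. Integrity: compare with the digest published by the download source
    #    (assumed here to be SHA-512). Matters most for the alternate link.
    actual=$(sha512sum "$src" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch, refusing to install $src" >&2; return 3
    fi

    # 2. Format: a qcow2 file starts with the magic bytes 'Q' 'F' 'I' 0xfb.
    magic=$(head -c 4 "$src" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "514649fb" ] || { echo "not a qcow2 image: $src" >&2; return 4; }

    # 3. Create the node directory and place the disk under the name the page uses.
    mkdir -p "$dest" && cp "$src" "$dest/hda.qcow2" || return 5

    # 4. Fix ownership and permissions with the EVE-NG wrapper when it exists.
    if [ -x "$FIXPERM" ]; then
        "$FIXPERM" -a fixpermissions
    else
        echo "wrapper not found at $FIXPERM, skipping fixpermissions" >&2
    fi
}
```

Run it as root on the EVE-NG host after uploading the file, passing the digest copied from the download page as the second argument.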

WARNING: These images are very heavy; to run them you will need servers with at least 8-core CPUs.

After installation, obtain Firepower demo licences from Cisco using your CCO account and the MAC address of the installed management centre.

Tips: http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center-virtual-appliance/118645-configure-firesight-00.html

Basic Authentication Using an External RADIUS Server


1. Log on to the Firepower Management Server using local admin credentials and click on Users.

2. Add the RADIUS server details.

3. Add the username that will be used to access the FTD sensor (firewall appliance) to the shell access filter.

4. Save the settings and apply the changes.

The default shell profile is administrator, and shell authentication is enabled. This setting is only valid for FMC.

RADIUS attributes can be used to assign different privileges according to group. However, we are not doing that here.

5. Go to Devices, then Platform Settings. Choose the sensor where you want authentication applied.

6. Choose External Authentication, switch on the toggle to enable RADIUS authentication, and save the settings.

7. Deploy the config to the appliance.

9. Verify the deployment transcript. If no other changes were made, there should be no config. FMC hides the FXOS config from the user.

10. Log on to the FTD appliance and verify the username list. The username “fmcuser” should now be there as a local account.

11. Configure your RADIUS server for both FMC and FTD using their management IPs. In my setup:

FMC = 192.168.2.10, FTD = 192.168.2.70

Create the user.

Use the same RADIUS shared key that was used for FMC; the key should be the same for both devices. FMC will push this key to the FTD during deployment.

12. Test your access on the FTD appliance.


13. Test your login on FMC.


Local usernames are still valid and will be checked first.