Configuring FTD Basics with FMC

"The What?" - In this blog I will be covering FTD/FMC basics, including managing FTD instances from FMC and deploying/managing interfaces. First, for more on FMC/FTD registration and communication, plus some helpful tips, see: FMC & FTD Communication/Registration Tidbit


"The Why?" - Firepower Management Center is the admin console that lets you control a variety of Cisco products across multiple platforms. It acts as the event & policy manager for the following:

  • Cisco Secure Firewall with the Firepower Threat Defense (FTD) OS

  • Cisco ASA with FirePOWER Services

  • Cisco Secure IPS (Firepower Next-Gen IPS / NGIPS)

  • Cisco Firepower Threat Defense for ISR

  • Cisco Malware Defense (AMP)

FMC collects extensive intelligence about the users, applications, devices, threats and vulnerabilities on your network, and uses that information to assess where your network is exposed.


"The How?" - Before we dive into the FTD basics, here is the topology I intend to use for the next several posts covering FTD topics:


Note: to see how to start and shut down FMC/FTD instances, see: FTD/FMC/FCM Startup/Shutdown Process - Cisco 4110 NGFW


I want to start with managing the FTDv interfaces. Once the FTDv instances are registered to FMC, all device management is done from within FMC:

We can see that I have successfully registered the two FTD instances depicted in the topology diagram (one routed/one transparent as expected).


Next, using FMC I have configured the interfaces to support the topology shared above for FTD2 (the routed firewall):

I purposely configured sub-interfaces alongside a regular interface just to show the differences. Lastly, here is the interface snippet for FTD1, the transparent firewall connecting the Windows client to the CSR across VLAN 13 (bottom right in the topology):

To get to interface configuration: Devices->Device Management->click on the device->Interfaces


If you end up encountering FMC policy deployment errors, take a peek at the following tidbit: Troubleshooting FMC Policy Deployment Tidbit


Verifying interface configuration from FTD CLI:

FTD1:

FTD2:

Now all of the respective interfaces have been configured via FMC for both FTD units. All basic routing works between the CSRs, including the Windows client. Shown below is the Windows client traffic traversing the transparent firewall across VLAN 13:


Helpful Commands:

Reconfigure the FMC management interface address from the Linux (expert) shell. This is a temporary change that does not survive a reboot and is not reflected in the appliance's saved configuration; for a persistent change use the FMC CLI "configure network" commands or System > Configuration > Management Interfaces in the web UI. Always supply the netmask, since ifconfig otherwise falls back to a classful default:

#ifconfig <interface> x.x.x.x netmask y.y.y.y

Reconfigure the FMC default route from the shell (if a default route already exists, "ip route add" fails with "File exists"; use "ip route replace default via x.x.x.x" in that case):

#ip route add default via x.x.x.x

Confirm the route:

#route -n
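As an added example (not code from the original post), here is a small POSIX sh wrapper around the ifconfig / ip route steps above for re-addressing the FMC management interface from the expert shell. It validates the addresses before touching anything, prints the commands in dry-run mode, and can arm a timed rollback so a typo on the new address does not lock you out of the appliance. The interface name (eth0), the addresses and the 300 second rollback window are placeholders chosen for illustration, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post: guarded re-addressing of the FMC
# management interface from the expert-mode (Linux) shell. Interface name,
# addresses and rollback delay below are illustrative assumptions.

DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only; 0 = execute (run as root)

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Re-address <iface> to <ip>/<mask> with default gateway <gw>.
# Returns 2 on invalid input without touching the interface.
readdress_mgmt() {
  iface=$1 ip=$2 mask=$3 gw=$4
  for a in "$ip" "$mask" "$gw"; do
    valid_ipv4 "$a" || { echo "invalid IPv4 value: $a" >&2; return 2; }
  done
  # Always give the netmask: ifconfig without one falls back to the classful
  # default, which silently breaks reachability on e.g. a /24 inside 10.0.0.0/8.
  run ifconfig "$iface" "$ip" netmask "$mask"
  # 'ip route add default' fails with "File exists" when a default route is
  # already present; 'replace' is idempotent and covers both cases.
  run ip route replace default via "$gw" dev "$iface"
  run ip route show default
}

# Arm an unattended rollback to the previous address after <delay> seconds.
# Cancel it with: kill "$ROLLBACK_PID" once you can reach the new address.
schedule_rollback() {
  iface=$1 old_ip=$2 old_mask=$3 old_gw=$4 delay=$5
  if [ "$DRY_RUN" = 1 ]; then
    printf 'would roll back %s to %s/%s via %s after %ss\n' \
      "$iface" "$old_ip" "$old_mask" "$old_gw" "$delay"
    return 0
  fi
  ( sleep "$delay"
    ifconfig "$iface" "$old_ip" netmask "$old_mask"
    ip route replace default via "$old_gw" dev "$iface" ) &
  ROLLBACK_PID=$!
}

# Example usage (dry run): move eth0 from 10.10.10.5/24 to 192.168.13.5/24,
# with the old address restored automatically unless the rollback is cancelled.
schedule_rollback eth0 10.10.10.5 255.255.255.0 10.10.10.1 300
readdress_mgmt eth0 192.168.13.5 255.255.255.0 192.168.13.1
```

Run it with DRY_RUN=0 from the console or from a session on another interface, because the SSH session on the old address drops the moment ifconfig runs. The rollback subshell is what makes the change safe to do remotely: if the new address is wrong you simply wait out the delay. Note again that this path is transient; the FMC CLI "configure network ipv4 manual <ip> <mask> <gw>" is the supported way to make the change stick.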

Change firewall mode on FTD with the "configure firewall transparent" (or "configure firewall routed") CLI command. The device must be deleted from FMC's Device Management page first and the manager removed from the FTD CLI with "configure manager delete"; be aware that changing the mode erases the existing device configuration:

Firewall mode verification ("show firewall"):


That about wraps up this FTD basics post. I will continue to build on this deployment/topology. Take a peek at the <ftd> tag to see more. Cheers!

