Configuring FTD Basics with FMC

"The What?" - In this blog I will be covering FTD/FMC basics to include managing FTD instances from FMC & deploying/managing interfaces. First, to see more about FMC/FTD Registration/Communications & helpful tips see: FMC & FTD Communication/Registration Tidbit


"The Why?" - FirePower Management Center is the admin console that allows you to control a variety of Cisco products on multiple platforms. It is able to act as the event & policy manager for the following:

  • Cisco Secure Firewall with the Firewall Threat Defense (FTD) OS

  • Cisco ASA with FirePOWER Services

  • Cisco Secure IPS (Firepower Next-Gen IPS / NGIPS)

  • Cisco FirePOWER Threat Defense for ISR

  • Cisco Malware Defense (AMP)

FMC provides extensive intelligence about the users, applications, devices, threats and vulnerabilities that exist in your network. It also uses this information to analyze your network’s vulnerabilities.


"The How?" - Before we dive in to cover some FTD basics here is the topology I intend on using for the next several posts that will cover several FTD topics:


Note to see how to Start/Shutdown FMC/FTD Instances see: FTD/FMC/FCM Startup/Shutdown Process - Cisco 4110 NGFW


I want to start with managing the FTDv interfaces. Once the FTDv instances are successfully registered to FMC, we can rely on device management from within FMC:

We can see that I have successfully registered the two FTD instances depicted in the topology diagram (one routed/one transparent as expected).


Next, using FMC I have configured the interfaces to support the topology shared above for FTD2 (routed firewall):

I purposely configured sub-interfaces and a static interface just to show the differences. Lastly, here is the interface snippet for FTD1, the transparent firewall connecting the Windows client to the CSR across vlan 13 (bottom right in topology):

To get to interface configuration: Device Management->Devices->Click on Device->Interfaces


If you end up encountering FMC policy deployment errors, take a peek at the following tidbit: Troubleshooting FMC Policy Deployment Tidbit


Verifying interface configuration from FTD CLI:

FTD1:

FTD2:

Now all of the respective interfaces have been configured via FMC for both FTD units. All basic routing works between the CSRs, including the Windows client. Shown below is the Windows Client traffic traversing the transparent firewall across vlan 13:


Helpful Commands:

Reconfigure FMC management interface IP from CLI:

#ifconfig <interface> x.x.x.x

Reconfigure FMC default route from CLI:

#ip route add default via x.x.x.x

Confirm route:

#route
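The post only lists the commands, so here is an added wrapper (my example, not code from the post or from Cisco) that runs them in a lockout-safe order on the FMC expert shell: it sets the address and default route, checks that the new gateway answers, and reverts to the previous settings if it does not. Assumed: root in the expert shell, a DRY_RUN variable that prints commands instead of executing them, and a GATEWAY_CHECK variable naming an alternative reachability test.

```shell
# Added example, not from the original post. Wraps the FMC management-interface
# steps above (ifconfig, ip route add default, route) so a bad address or gateway
# does not lock you out of FMC. Assumptions: run as root in the FMC expert shell;
# DRY_RUN=1 prints commands instead of executing them; GATEWAY_CHECK names a
# shell function used to test the new gateway (defaults to ping_gateway).

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Default reachability check: two ICMP echoes to the new gateway.
ping_gateway() {
  ping -c 2 -W 2 "$1" >/dev/null 2>&1
}

# reconfigure_mgmt IFACE NEW_IP NEW_GW OLD_IP OLD_GW
# Applies the new address and default route, confirms the gateway answers,
# and rolls back to the old address/route if it does not (returns 1).
reconfigure_mgmt() {
  iface=$1; new_ip=$2; new_gw=$3; old_ip=$4; old_gw=$5

  run ifconfig "$iface" "$new_ip"
  run ip route del default || true          # having no default route is not an error
  run ip route add default via "$new_gw"
  run route                                 # confirm the route, as in the post

  if "${GATEWAY_CHECK:-ping_gateway}" "$new_gw"; then
    echo "management interface $iface is now $new_ip via $new_gw"
    return 0
  fi

  echo "gateway $new_gw unreachable, rolling back to $old_ip via $old_gw" >&2
  run ifconfig "$iface" "$old_ip"
  run ip route del default || true
  run ip route add default via "$old_gw"
  return 1
}

# Usage with constructed values; drop DRY_RUN=1 to apply the change for real.
DRY_RUN=1 reconfigure_mgmt eth0 10.0.0.5 10.0.0.1 10.0.0.4 10.0.0.1
```

Run it once with DRY_RUN=1 to review the exact command sequence before applying it from a console session rather than over the management interface you are changing.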

Change firewall mode on FTD (must deregister from device manager first & remove configured managers from FTD CLI):

Firewall Mode Verification:


That about wraps up this FTD basics post. I will continue to build on this deployment/topology. Take a peek at the <ftd> tag to see more. Cheers!

