Cisco FTD Basic Configuration, v6.7 using Firepower Device Management (FDM)

  • Published: 17 Jan 2025

Comments • 32

  • @agbooksreview8402
    @agbooksreview8402 2 years ago +3

    Thanks for uploading this video. If someone is new and wants to configure Cisco FTD, they must refer to this video 👍

  • @alitorkani6228
    @alitorkani6228 2 years ago +1

    Hi David, it is an amazing video.

  • @aliakbarakbari3802
    @aliakbarakbari3802 1 year ago +1

    Great work!!!!!!

  • @baljindersingh29
    @baljindersingh29 1 year ago +1

    Very good, David, this is quick and easy. When are you coming with an HA pair of FTD?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 1 year ago +1

      That's a good reminder actually, I was thinking what to record next.
      Thanks.

    • @baljindersingh29
      @baljindersingh29 1 year ago

      @ITSolutionsNetwork No, thank you, David, for making it. Appreciate it.

  • @prens7380
    @prens7380 3 years ago +1

    Awesome! Are you planning to do FMC anytime soon?

  • @deltamme82
    @deltamme82 3 years ago +1

    Good video. Quick question from me: if you deploy these firewalls using the Firepower Device Manager only, I assume that if you later deploy FMC, these are OK to switch to that manager by using the manager add command in the CLI and then adding them in FMC? No gotchas? Also, would this lab be usable in the free version of EVE-NG? I don't have Pro at the moment.

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago +2

      Correct, but you'll lose the configuration when you change manager, so be ready for some downtime.

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago +2

      A lab will be usable in a free version of eve-ng.

    • @deltamme82
      @deltamme82 3 years ago +1

      @ITSolutionsNetwork Ah, really? Is this just in an EVE-NG lab environment or in the real world? Say you were using a hardware model running FTD code, and you have a manager, either physical or virtual, and you wanted to later add an FTD to FMC. It would wipe the config of the FTD? Or is this just EVE-NG specific?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago +2

      @deltamme82 It's an FTD thing. Even the Firepower module in the ASA does the same, but in the ASA you can set up fail-open so as not to disrupt the traffic flow.

  • @АлексейМышевский
    @АлексейМышевский 2 years ago +1

    Where can I get FTD 6.7 for testing inside EVE-NG?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 2 years ago +1

      Officially, you'll have to have the rights to download it from the Cisco site.
      Unofficially, you'll have to search on your own.

  • @fakirpoo
    @fakirpoo 3 years ago +1

    Thanks for the video. It's fortuitous that you just posted this as I needed this. Question, this is a little out of the scope of the video, but have you ever used just the IPS function of a firepower device before? Current network has an IPS that is EOL and needs to be replaced, but there is an existing ASA 5525 firewall that is not going to be replaced at this time (it will be when the rest of the network is upgraded). My plan is to use the access control policy, which will be wide open, to forward all traffic to the IPS process for NGFW processing before the traffic is then forwarded to the firewall. I'm looking to make this as seamless as possible so the only thing I want to configure is the firepower and none of the other existing devices.

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago +2

      Definitely doable. I'm actually working on a long-term project upgrading ASAs with Firepower modules to new FTDs controlled via FMC for the same reason: Cisco is not going to extend the support.
      One thing you need to keep in mind is that for traffic that is not supposed to be inspected by the IPS, like IPsec or GRE for example, you will need to allow it via the prefilter.

    • @fakirpoo
      @fakirpoo 3 years ago +1

      @ITSolutionsNetwork Thanks for the info. One more question, if you don't mind. When traffic reaches the Firepower in an FTD configuration, does it automatically hit the access control policy (firewall) portion first and then get forwarded to the IPS? Is there a way to have the IPS portion process the data first? It seems like splitting hairs, but I'm asking from a function/location perspective. The network that is getting upgraded wants the IPS device first, just like they have with their current setup now (an aging McAfee 2850 sensor in front of their ASA). Again, thanks for the video and response. You have a grateful new subscriber.

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago +1

      @fakirpoo Well, the access control policy is part of the Snort process. The old-school ACLs are now the Prefilter Policy in the LINA process. So the FTD is built with two parts, LINA and Snort. LINA is what was the ASA before the FTD.
      Prefilters are part of the LINA, and if there is no match, it goes to the SNORT, which is considered a best-practice scenario.
      I fail to see why someone would put SNORT before the ASA; it doesn't make sense to me.
      Here is your FTD packet Flow; once you see this, it all makes sense, and you'll know how to design.
      www.lammle.com/wp-content/uploads/2018/05/Latest-FTD-Packet-Flow-1.jpg

    • @fakirpoo
      @fakirpoo 3 years ago +1

      @ITSolutionsNetwork Would you ever recommend putting a Firepower on the network edge over a router?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago +1

      @fakirpoo Do you mean instead of a router or in front of the router?

  • @mimranon
    @mimranon 1 year ago

    Question: what happens when the 90-day evaluation ends? Can we still use it as a NAT device?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 1 year ago +1

      After all the licenses expire, functions that require a license will stop accepting new changes, so you won't be able to make changes like applying policies, for example.

  • @Prabhat.Kumarhcl
    @Prabhat.Kumarhcl 3 years ago +1

    Can I export my ASA config file to FTD?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 3 years ago

      There is a Firewall Migration Tool that can do that, but I have never used it.

    • @Sam-bw5sk
      @Sam-bw5sk 2 years ago

      @ITSolutionsNetwork What's the firewall migration tool called?

    • @ITSolutionsNetwork
      @ITSolutionsNetwork 2 years ago

      @Sam-bw5sk Depends on where you are looking.
      Google "Cisco Secure Firewall Migration Tool" and you should be able to find the "Firepower Migration Tool".

  • @alitorkani6228
    @alitorkani6228 2 years ago

    David, Shall I have your LinkedIn account?