Cisco Firepower NGFW Virtual Quick start guide
- Category
- Network management software
- Type
- Quick start guide
Cisco Firepower Threat Defense Virtual for the Oracle Cloud
Infrastructure Getting Started Guide
First Published: 2020-10-22
Last Modified: 2021-12-01
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
CHAPTER 1
Getting Started with Firepower Threat Defense
Virtual and Oracle Cloud Infrastructure
The Firepower Threat Defense Virtual (FTDv) brings Cisco's Firepower Next-Generation Firewall functionality
to virtualized environments, enabling consistent security policies to follow workloads across your physical,
virtual, and cloud environments, and between clouds.
This chapter describes how the Firepower Threat Defense Virtual functions within an Oracle Cloud
Infrastructure (OCI) environment, including feature support, system requirements, guidelines, and limitations.
This chapter also describes your option for managing the FTDv.
It's important that you understand your management option before you begin your deployment. You can
manage and monitor the FTDv using the Firepower Management Center.
•About FTDv Deployment On the OCI, on page 1
•Prerequisites for the FTDv and OCI, on page 2
•Guidelines and Limitations for the FTDv and OCI, on page 2
•Sample Network Topology for FTDv on OCI, on page 3
About FTDv Deployment On the OCI
The Cisco Firepower Threat Defense Virtual (FTDv) runs the same software as physical Cisco FTD to deliver
proven security functionality in a virtual form factor. The FTDv can be deployed in the public OCI. It can
then be configured to protect virtual and physical data center workloads that expand, contract, or shift their
location over time.
OCI Compute Shapes
A shape is a template that determines the number of CPUs, amount of memory, and other resources that are
allocated to an instance. The FTDv support the following OCI shape types:
Table 1: Supported Compute Shapes for FTDv
InterfacesAttributesOCI Shape
RAM (GB)oCPUs
Min 4, Max 460 GB4VM.Standard2.4
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
1
InterfacesAttributesOCI Shape
RAM (GB)oCPUs
Min 4, Max 8120 GB8VM.Standard2.8
• In OCI, 1 oCPU is equal to 2 vCPU.
• The FTDv requires a minimum of 4 interfaces.
You create an account on OCI, launch a compute instance using the Cisco Firepower NGFW virtual firewall
(NGFWv) offering on the Oracle Cloud Marketplace, and choose an OCI shape.
Prerequisites for the FTDv and OCI
• Create an OCI account at https://www.oracle.com/cloud/.
• A Cisco Smart Account. You can create one at Cisco Software Central (https://software.cisco.com/).
• License the Firepower Threat Defense Virtual.
• Configure all license entitlements for the security services from the Firepower Management Center.
• See “Licensing the Firepower System” in the Firepower Management Center Configuration Guide
for more information about how to manage licenses.
• Interface requirements:
• Management interfaces (2) — One used to connect the Firepower Threat Defense Virtual to the
Firepower Management Center, second used for diagnostics; cannot be used for through traffic.
• Traffic interfaces (2) — Used to connect the Firepower Threat Defense Virtual to inside hosts and
to the public network.
• Communications paths:
• Public IPs for access into the Firepower Threat Defense Virtual.
• For FTDv system requirements, see Cisco Firepower Compatibility Guide.
Guidelines and Limitations for the FTDv and OCI
Supported Features
• Deployment in the OCI Virtual Cloud Network (VCN)
• Routed mode (default)
• Licensing – Only BYOL is supported
• Firepower Management Center support only.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
2
Getting Started with Firepower Threat Defense Virtual and Oracle Cloud Infrastructure
Prerequisites for the FTDv and OCI
• Single Root I/O Virtualization (SR-IOV) is supported.
Performance Tiers for FTDv Smart Licensing
The FTDv supports performance-tiered licensing that provides different throughput levels and VPN connection
limits based on deployment requirements.
Table 2: FTDv Licensed Feature Limits Based on Entitlement
RA VPN Session LimitRate LimitDevice Specifications
(Core/RAM)
Performance Tier
50100Mbps4 core/8 GBFTDv5, 100Mbps
2501Gbps4 core/8 GBFTDv10, 1Gbps
2503Gbps4 core/8 GBFTDv20, 3Gbps
2505Gbps8 core/16 GBFTDv30, 5Gbps
75010Gbps12 core/24 GBFTDv50, 10Gbps
10,00016Gbps16 core/32 GBFTDv100, 16Gbps
See the "Licensing the Firepower System" chapter in the Firepower Management Center Configuration for
guidelines when licensing your FTDv device.
To change the vCPU/memory values, you must first power off the FTDv device.
Note
Unsupported Features
• Local management support via Firepower Device Manager.
• IPv6
• FTDv native HA
• Autoscale
• Transparent/inline/passive modes
• Data Interface configuration via DHCP
Limitations
FTDv deployment on OCI does not support Mellanox 5 as vNICs in the SR-IOV mode.
Sample Network Topology for FTDv on OCI
The following figure shows the recommended topology for the FTDv in Routed Firewall Mode with 4 subnets
configured in OCI for the FTDv (management, diagnostic, inside, and outside).
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
3
Getting Started with Firepower Threat Defense Virtual and Oracle Cloud Infrastructure
Sample Network Topology for FTDv on OCI
Figure 1: Sample FTDv on OCI Deployment
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
4
Getting Started with Firepower Threat Defense Virtual and Oracle Cloud Infrastructure
Sample Network Topology for FTDv on OCI
CHAPTER 2
Deploy the Firepower Threat Defense Virtual on
OCI
You can deploy the FTDv on the Oracle Cloud Infrastructure (OCI), a public cloud computing service that
enables you to run your applications in a highly-available, hosted environment offered by Oracle.
The following procedures describe how to prepare your OCI environment and launch the FTDv instance. You
log into the OCI portal, search the OCI Marketplace for the Cisco Firepower NGFW virtual firewall (NGFWv)
offering, and launch the compute instance. After launching the FTDv, you must configure route tables to
direct traffic to the firewall depending on the traffic’s source and destination.
•Configure the Virtual Cloud Network (VCN), on page 5
•Create the FTDv Instance on OCI, on page 8
•Attach the Interfaces, on page 9
•Add Route Rules for the Attached VNICs, on page 10
Configure the Virtual Cloud Network (VCN)
You configure the Virtual Cloud Network (VCN) for your FTDv deployment. At a minimum, you need four
VCNs, one for each interface of the FTDv.
You can continue with the following procedures to complete the Management VCN. Then you return to
Networking to create VCNs for the diagnostic, inside, and outside interfaces.
Before you begin
After you select a service from the navigation menu, the menu on the left includes the compartments list.
Compartments help you organize resources to make it easier to control access to them. Your root compartment
is created for you by Oracle when your tenancy is provisioned. An administrator can create more compartments
in the root compartment and then add the access rules to control which users can see and take action in them.
See the Oracle document “Managing Compartments” for more information.
Note
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
5
Procedure
Step 1 Log into OCI and choose your region.
OCI is divided into multiple regions that are isolated from each other. The region is displayed in the upper
right corner of your screen. Resources in one region do not appear in another region. Check periodically to
make sure you are in the intended region.
Step 2 Choose Networking >Virtual Cloud Networks and click Create VCN.
Step 3 Enter a descriptive Name for your VCN, for example FTDv-Management.
Step 4 Enter a CIDR block for your VCN.
Step 5 Click Create VCN.
What to do next
Continue with the following procedures to complete the Management VCN. When you complete the
management VCN you'll create VCNs for the diagnostic, inside, and outside interfaces.
Create the Network Security Group
A network security group consists of a set of vNICs and a set of security rules that apply to those vNICs.
Procedure
Step 1 Choose Networking >Virtual Cloud Networks >Virtual Cloud Network Details >Network Security
Groups, and click Create Network Security Group.
Step 2 Enter a descriptive Name for your Network Security Group, for example FTDv-Mgmt-Allow-22-8305.
Step 3 Click Next.
Step 4 Add your security rules:
a) Add a rule to allow TCP port 22 for SSH access.
b) Add a rule to allow TCP port 8305 for HTTPS access.
The FTDv can be managed via the Firepower Management Center, which requires port 8305 to be opened
for HTTPS connections.
You apply these security rules to the management interface/VCN.
Note
Step 5 Click Create.
Create the Internet Gateway
An Internet gateway is required to make your management subnet publicly accessible.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
6
Deploy the Firepower Threat Defense Virtual on OCI
Create the Network Security Group
Procedure
Step 1 Choose Networking >Virtual Cloud Networks >Virtual Cloud Network Details >Internet Gateways,
and click Create Internet Gateway.
Step 2 Enter a descriptive Name for your Internet gateway, for example FTDv-IG.
Step 3 Click Create Internet Gateway.
Step 4 Add the route to the Internet Gateway:
a) Choose Networking >Virtual Cloud Networks >Virtual Cloud Network Details >Route Tables.
b) Click on the link for your default route table to add route rules.
c) Click Add Route Rules.
d) From the Target Type drop-down, select Internet Gateway.
e) Enter the Destination CIDR Block, for example 0.0.0.0/0.
f) From the Target Internet Gateway drop-down, select the gateway you created.
g) Click Add Route Rules.
Create the Subnet
Each VCN will have one subnet, at a minimum. You’ll create a Management subnet for the Management
VCN. You’ll also need a Diagnostic subnet for the Diagnostic VCN, need an Inside subnet for the Inside
VCN, and an Outside subnet for the Outside VCN.
Procedure
Step 1 Choose Networking >Virtual Cloud Networks >Virtual Cloud Network Details >Subnets, and click
Create Subnet.
Step 2 Enter a descriptive Name for your subnet, for example Management.
Step 3 Select a Subnet Type (leave the recommended default of Regional).
Step 4 Enter a CIDR Block, for example 10.10.0.0/24. The internal (non-public) IP address for the subnet is taken
from this CIDR block.
Step 5 Select one of the route tables you created previously from the Route Table drop-down.
Step 6 Select the Subnet Access for your subnet.
For the Management subnet, this must be Public Subnet.
Step 7 Select the DHCP Option.
Step 8 Select a Security List that you created previously.
Step 9 Click Create Subnet.
What to do next
After you configure your VCNs (Management, Diagnostic, Inside, Outside) you are ready to launch the FTDv.
See the following figure for an example of the FTDv VCN configuration.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
7
Deploy the Firepower Threat Defense Virtual on OCI
Create the Subnet
Figure 2: FTDv Virtual Cloud Networks
Create the FTDv Instance on OCI
You deploy the FTDv on OCI via a Compute instance using the Cisco Firepower NGFW virtual firewall
(NGFWv) offering on the Oracle Cloud Marketplace. You select the most appropriate machine shape based
on characteristics such as the number of CPUs, amount of memory, and network resources.
Procedure
Step 1 Log into the OCI portal.
The region is displayed in the upper right corner of your screen. Make sure you are in the intended region.
Step 2 Choose Marketplace >Applications.
Step 3 Search Marketplace for “Cisco Firepower NGFW virtual firewall (NGFWv)” and choose the offering.
Step 4 Review the Terms and Conditions, and check the I have reviewed and accept the Oracle Terms of Use and
the Partner terms and conditions.check box.
Step 5 Click Launch Instance.
Step 6 Enter a descriptive Name for your instance, for example FTDv-6-7.
Step 7 Click ChangeShapeand select the shape with the number of CPUs, amount of RAM, and number of interfaces
required for the FTDv, for example VM.Standard2.4 (see About FTDv Deployment On the OCI, on page
1).
Step 8 From the Virtual Cloud Network drop-down, choose the Management VCN.
Step 9 From the Subnet drop-down, choose the Management subnet if it's not autopopulated.
Step 10 Check Use Network Security Groups to Control Traffic and choose the security group you configured for
the Management VCN.
Step 11 Click the Assign a Public Ip Address radio button.
Step 12 Under Add SSH keys, click the Paste Public Keys radio button and paste the SSH key.
Linux-based instances use an SSH key pair instead of a password to authenticate remote users. A key pair
consists of a private key and public key. You keep the private key on your computer and provide the public
key when you create an instance. See Managing Key Pairs on Linux Instances for guidelines.
Step 13 Click the Show Advanced Options link to expand the options.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
8
Deploy the Firepower Threat Defense Virtual on OCI
Create the FTDv Instance on OCI
Step 14 Under Initialization Script, click the Paste Cloud-Init Script radio button to provide the day0 configuration
for your FTDv. The day0 configuration is applied during the firstboot of the FTDv.
The following example shows a sample day0 configuration you can copy and paste in the Cloud-Init Script
field:
{
"Hostname": "ftdv-oci",
"AdminPassword": "myPassword@123456",
"FirewallMode": "routed",
"IPv4Mode": "dhcp",
"ManageLocally":"No",
"FmcIp": "1.2.3.4",
"FmcRegKey": "cisco123reg",
"FmcNatId": "cisco123nat"
}
•FmcRegKey ― This is a one-time-use registration key used to register registering the device to a Firepower
Management Center. The registration key is any user-defined alphanumeric value up to 37 characters in
length.
•FmcNatId ― This is a unique one-time-use string (user-defined). If the device and the Firepower
Management Center are separated by a NAT device, you must enter a unique NAT ID, along with the
unique registration key.
Step 15 Click Create.
What to do next
Monitor the FTDv instance, which shows the state as Provisioning after you click the Create button.
It’s important to monitor the status. As soon as the FTDv instance goes from Provisioning to Running state
you need to attach the VNICs as required before the FTDv boot completes.
Important
Attach the Interfaces
The FTDv enters the Running state with one VNIC attached (see Compute >Instances >Instance Details >
Attached VNICs). This is referred to as the Primary VNIC, and maps to the Management VCN. Before the
FTDv completes the first boot, you need to attach the VNICs for the other VCN subnets you created previously
(diagnostic, inside, outside) so that the VNICs are correctly detected on FTDv.
Procedure
Step 1 Select your newly launched FTDv instance.
Step 2 Choose Attached VNICs >Create VNIC.
Step 3 Enter a descriptive Name for your VNIC, for example Inside.
Step 4 Select the VCN from the Virtual Cloud Network drop-down.
Step 5 Select your subnet from the Subnet drop-down.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
9
Deploy the Firepower Threat Defense Virtual on OCI
Attach the Interfaces
Step 6 Check Use Network Security Groups to Control Traffic and choose the security group you configured for
the selected VCN.
Step 7 Check Skip Source Destination Check Network Security Groups to Control Traffic.
Step 8 (Optional) Specify a Private IP Address. This is only required if you want to choose a particular IP for the
VNIC.
If you do not specify an IP, OCI will assign an IP address from the CIDR block you assigned to the subnet.
Step 9 Click Save Changes to create the VNIC.
Step 10 Repeat this procedure for each VNIC your deployment requires.
Add Route Rules for the Attached VNICs
Add route table rules to the diagnostic, inside, and outside route tables.
Procedure
Step 1 Choose Networking >Virtual Cloud Networks and click the default route table associated with the VCN
(inside or outside).
Step 2 Click Add Route Rules.
Step 3 From the Target Type drop-down, select Private IP.
Step 4 From the Destination Type drop-down, select CIDR Block.
Step 5 Enter the Destination CIDR Block, for example 0.0.0.0/0.
Step 6 Enter the private IP address of the VNIC in the Target Selection field.
If you did not explicitly assign an IP address to the VNIC, you can find the auto-assigned IP address from the
VNIC details (Compute >Instances >Instance Details >Attached VNICs).
Step 7 Click Add Route Rules.
Step 8 Repeat this procedure for each VNIC your deployment requires.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
10
Deploy the Firepower Threat Defense Virtual on OCI
Add Route Rules for the Attached VNICs
CHAPTER 3
Access the FTDv Instance on OCI
You can connect to a running instance by using a Secure Shell (SSH) connection.
• Most UNIX-style systems include an SSH client by default.
• Windows 10 and Windows Server 2019 systems should include the OpenSSH client, which you'll need
if you created your instance using the SSH keys generated by Oracle Cloud Infrastructure.
• For other Windows versions you can download PuTTY, the free SSH client from http://www.putty.org.
Prerequisites
You'll need the following information to connect to the instance:
• The public IP address of the instance. You can get the address from the Instance Details page in the
Console. Open the navigation menu. Under Core Infrastructure,gotoCompute and click Instances.
Then, select your instance. Alternatively, you can use the Core Services API ListVnicAttachments and
GetVnic operations.
• The username and password of your instance, and/or the full path to the private key portion of the SSH
key pair that you used when you launched the instance.
If you choose not to add a Day0 configuration, you can log in to the FTDv instance using the default credentials
(admin/Admin123).
You are prompted to set the password on the first login attempt.
Note
•Connect to the FTDv Instance Using SSH, on page 11
•Connect to the FTDv Instance Using OpenSSH, on page 12
•Connect to the FTDv Instance Using PuTTY, on page 13
Connect to the FTDv Instance Using SSH
To connect to the FTDv instance from a Unix-style system, log in to the instance using SSH.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
11
Procedure
Step 1 Use the following command to set the file permissions so that only you can read the file:
$ chmod 400 <private_key>
Where:
<private_key> is the full path and name of the file that contains the private key associated with the
instance you want to access.
Step 2 Use the following SSH command to access the instance.
$ ssh –i <private_key> <username>@<public-ip-address>
Where:
<private_key> is the full path and name of the file that contains the private key associated with the
instance you want to access.
<username> is the username for the FTDv instance.
<public-ip-address> is your instance IP address that you retrieved from the Console.
Connect to the FTDv Instance Using OpenSSH
To connect to the FTDv instance from a Windows system, log in to the instance using OpenSSH.
Procedure
Step 1 If this is the first time you are using this key pair, you must set the file permissions so that only you can read
the file.
Do the following:
a) In Windows Explorer, navigate to the private key file, right-click the file, and then click Properties.
b) On the Security tab, click Advanced.
c) Ensure that the Owner is your user account.
d) Click Disable Inheritance, and then select Convert inherited permissions into explicit permissions
on this object.
e) Select each permission entry that is not your user account and click Remove.
f) Ensure that the access permission for your user account is Full control.
g) Save your changes.
Step 2 To connect to the instance, open Windows PowerShell and run the following command:
$ ssh –i <private_key> <username>@<public-ip-address>
Where:
<private_key> is the full path and name of the file that contains the private key associated with the
instance you want to access.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
12
Access the FTDv Instance on OCI
Connect to the FTDv Instance Using OpenSSH
<username> is the username for the FTDv instance.
<public-ip-address> is your instance IP address that you retrieved from the Console.
Connect to the FTDv Instance Using PuTTY
To connect to the FTDv instance from a Windows system using PuTTY:
Procedure
Step 1 Open PuTTY.
Step 2 In the Category pane, select Session and enter the following:
•Host Name (or IP address):
<username>@<public-ip-address>
Where:
<username> is the username for the FTDv instance.
<public-ip-address> is your instance public IP address that you retrieved from the Console.
•Port: 22
•Connection type: SSH
Step 3 In the Category pane, expand Window, and then select Translation.
Step 4 In the Remote character set drop-down list, select UTF-8.
The default locale setting on Linux-based instances is UTF-8, and this configures PuTTY to use the same
locale.
Step 5 In the Category pane, expand Connection, expand SSH, and then click Auth.
Step 6 Click Browse, and then select your private key.
Step 7 Click Open to start the session.
If this is your first time connecting to the instance, you might see a message that the server's host key is not
cached in the registry. Click Yes to continue the connection.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
13
Access the FTDv Instance on OCI
Connect to the FTDv Instance Using PuTTY
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
14
Access the FTDv Instance on OCI
Connect to the FTDv Instance Using PuTTY
CHAPTER 4
Managing the Firepower Threat Defense Virtual
with the Firepower Management Center
This chapter describes how to deploy a standalone FTDv device managed with a FMC.
This document covers the latest FTDv version features. If you are on an old version of software, refer to the
procedures in the FMC configuration guide for your version.
Note
•About Firepower Threat Defense Virtual with Firepower Management Center, on page 15
•Log Into the Firepower Management Center, on page 15
•Register the Device with the Firepower Management Center, on page 16
•Configure a Basic Security Policy, on page 18
•Access the Firepower Threat Defense CLI, on page 29
About Firepower Threat Defense Virtual with Firepower
Management Center
The Firepower Threat Defense Virtual (FTDv) is the virtualized component of the Cisco NGFW solution.
The FTDv provides next-generation firewall services, including stateful firewalling, routing, VPN,
Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL
filtering, and Advanced Malware Protection (AMP).
You can manage the FTDv using the Firepower Management Center (FMC), a full-featured, multidevice
manager on a separate server. For information about installing the FMC, see the FMC getting started guide.
The FTDv registers and communicates with the FMC on the Management interface that you allocated to the
FTDv virtual machine.
For troubleshooting purposes, you can access the FTD CLI using SSH on the Management interface, or you
can connect to the FTD from the Firepower CLI.
Log Into the Firepower Management Center
Use the FMC to configure and monitor the FTD.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
15
Before you begin
For information on supported browsers, refer to the release notes for the version you are using (see
https://www.cisco.com/go/firepower-notes).
Procedure
Step 1 Using a supported browser, enter the following URL.
https://fmc_ip_address
Where fmc_ip_address identifies the IP address or host name of the FMC.
Step 2 Enter your username and password.
Step 3 Click Log In.
Register the Device with the Firepower Management Center
Before you begin
Make sure the FTDv virtual machine has deployed successfully, is powered on, and has gone through its first
boot procedures.
This procedure assumes that you provided the registration information for the FMC via the day0/bootstrap
script. However, all of these settings can be changed later at the CLI using configure network commands.
See the FTD command reference.
Note
Procedure
Step 1 Choose Devices >Device Management.
Step 2 From the Add drop-down list, choose Add Device, and enter the following parameters.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
16
Managing the Firepower Threat Defense Virtual with the Firepower Management Center
Register the Device with the Firepower Management Center
•Host—Enter the IP address of the device you want to add.
•Display Name—Enter the name for the device as you want it to display in the FMC.
•RegistrationKey—Enter the same registration key that you specified in the FTDv bootstrap configuration.
•Domain—Assign the device to a leaf domain if you have a multidomain environment.
•Group—Assign it to a device group if you are using groups.
•Access Control Policy—Choose an initial policy. Unless you already have a customized policy you
know you need to use, choose Create new policy, and choose Block all traffic. You can change this
later to allow traffic; see Configure Access Control, on page 27.
•Smart Licensing—Assign the Smart Licenses you need for the features you want to deploy: Malware
(if you intend to use AMP malware inspection), Threat (if you intend to use intrusion prevention), and
URL (if you intend to implement category-based URL filtering).
•Unique NAT ID—Specify the NAT ID you specified in the FTDv bootstrap configuration.
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
17
Managing the Firepower Threat Defense Virtual with the Firepower Management Center
Register the Device with the Firepower Management Center
•Transfer Packets—Allow the device to transfer packets to the FMC. When events like IPS or Snort are
triggered with this option enabled, the device sends event metadata information and packet data to the
FMC for inspection. If you disable it, only event information will be sent to the FMC, but packet data
is not sent.
Step 3 Click Register, and confirm a successful registration.
If the registration succeeds, the device is added to the list. If it fails, you will see an error message. If the
FTDv fails to register, check the following items:
• Ping—Access the FTD CLI (Access the Firepower Threat Defense CLI, on page 29), and ping the FMC
IP address using the following command:
ping system ip_address
If the ping is not successful, check your network settings using the show network command. If you need
to change the FTD IP address, use the configure network {ipv4 |ipv6}manual command.
• NTP—Make sure the NTP server matches the FMC server set on the System >Configuration >Time
Synchronization page.
• Registration key, NAT ID, and FMC IP address—Make sure you are using the same registration key,
and if used, NAT ID, on both devices. You can set the registration key and NAT ID on the FTDv using
the configure manager add command. This command also lets you change the FMC IP address.
Configure a Basic Security Policy
This section describes how to configure a basic security policy with the following settings:
• Inside and outside interfaces—Assign a static IP address to the inside interface, and use DHCP for the
outside interface.
• DHCP server—Use a DHCP server on the inside interface for clients.
• Default route—Add a default route through the outside interface.
• NAT—Use interface PAT on the outside interface.
• Access control—Allow traffic from inside to outside.
Procedure
Step 1 Configure Interfaces, on page 19
Step 2 Configure The DHCP Server, on page 22
Step 3 Add the Default Route, on page 23
Step 4 Configure NAT, on page 24
Step 5 Configure Access Control, on page 27
Cisco Firepower Threat Defense Virtual for the Oracle Cloud Infrastructure Getting Started Guide
18
Managing the Firepower Threat Defense Virtual with the Firepower Management Center
Configure a Basic Security Policy
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
Cisco Firepower NGFW Virtual Quick start guide
- Category
- Network management software
- Type
- Quick start guide
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
-
Cisco Adaptive Security Device Manager Configuration Guide
-
-
Cisco FirePOWER 8000 Series Appliances Configuration Guide
-
-
-
-
Cisco Firepower 4100 Series Configuration Guide
-
Cisco Firepower Management Center Virtual Appliance User guide
-
-