I recently built a Cisco Firepower test platform on EVE-NG. Building this test environment took nearly one week of studying the Firepower system and architecture. Because it runs inside EVE-NG, the host computer must meet certain performance requirements, and you also need patience (a full FMC installation took 6 hours). The test environment below was completed after studying the official documentation, downloading several versions of the software, installing them n times and revising the architecture n times.
I have to complain here: Cisco's system compatibility is very poor, you will run into basically every bug listed on Cisco's site, and the resource demands are excessive: 8G of memory and a 4-core CPU, and it still runs painfully slowly. I previously deployed Prime Infrastructure in production; the standard edition requires a 4*4 CPU, 32G of memory and a 1T hard disk, and it was still very slow to run. Cisco's web interface is awful.
In addition, the technical community seems very closed. After searching the internet for more than a week, I could find very few technical documents on Cisco Firepower (apart from the official website), and the ones I did find covered only part of the material. On the domestic internet there are almost no resources at all on running Cisco Firepower in EVE-NG (again, apart from the official website and sites abroad), so please respect the result of my work.
The following is the architecture diagram of the experimental environment; the architecture is still relatively simple.
1). NET4 is the EVE-NG bridge to the host's physical network card, on network segment 172.16.100.0/24. This lab uses bridging to connect the management interface Eth0 of the FMC and of the FTD.
2). fmc01: Cisco Firepower Management Center, used to manage the FTD (Cisco Firepower Threat Defense). IP address: 172.16.100.50/24, gateway: 172.16.100.1
3). ftd01: Cisco Firepower Threat Defense. IP address: 172.16.100.46/24
4). R3: inside network; the intranet interface e0/0 connects to a Windows host, intranet segment 10.133.32.0/24
5). R2: outside network, simulating the Internet; e0/0 connects to a Windows host, outside segment 192.168.201.0/24
Key point: both the FMC and the FTD use e0/0 (in the virtual machine environment) as the management interface, and in the basic setup only the e0/0 interface IP can be set as the management IP. The initial registration of the FTD with the FMC can only be done over the management interface, so the network between the FMC and FTD management interfaces must be reachable in both directions. In this test environment the FMC and FTD management interfaces are on the same network segment; a cross-segment environment has not been tested yet.
--------------------------------------------------------------------------------------
FMC installation, software version 6.2.0-362. Create a new FMC node in EVE-NG and start it; by default the image requires 8G of memory and 4 CPUs. The first boot into the system took nearly 5 hours, so be patient while the installation completes. The following are the system installation steps (I reinstalled the FMC in order to write this document) ...
The above are the FMC basic settings. Note that you use "sudo su -" to obtain root privileges and run configure-network to set the interface IP, then use https://172.16.100.50 to complete the remaining setup.
That completes the FMC installation and basic settings.
--------------------------------------------------------------------------------------
FTD installation, software version 6.2.0-362. Create a new FTD node in EVE-NG and start it; by default the image requires 8G of memory and 4 CPUs. The first boot into the system took nearly 1 hour. The following are the system installation steps:
After completing the above, set a new password, the IP address, the system hostname and the firewall mode (routed/transparent; the default is routed mode).
That completes the FTD basic system settings. Log in with ssh 172.16.100.45 and use show network to verify that the settings are correct.
Next the FTD is registered with the FMC. On the FTD, use the command configure manager add 172.16.100.50 cisco123 to register with the FMC (172.16.100.50); cisco123 is the registration key.
On the FMC, add the FTD with the following basic settings:
Add a policy to be deployed to the FTD.
After clicking the "Register" button to complete the registration, the FMC checks the registered FTD.
Use "show managers" on the FTD to check whether registration is complete.
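A pre-registration check for the precondition stated earlier (the FMC and FTD management interfaces must be on one mutually reachable segment), written as an added example that is not part of the original post. It uses the article's lab addresses; the sftunnel port TCP 8305 is the Cisco-documented FTD-to-FMC management channel (not mentioned in the post), and `nc` is assumed to be available for the reachability test.

```shell
#!/bin/sh
# Added example: pre-flight check before running "configure manager add".
# Lab values are taken from the article; the FMC/FTD registration channel
# (sftunnel) uses TCP 8305, a Cisco-documented port not shown in the post.
FMC_IP=172.16.100.50
FTD_IP=172.16.100.46
PREFIX=24
SFTUNNEL_PORT=8305

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network mask for a /prefix, as an integer.
mask_for() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Succeed (exit 0) when both addresses fall in the same /prefix network.
same_subnet() {
    m=$(mask_for "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Test whether the FMC sftunnel port answers; returns 2 if nc is missing.
fmc_port_open() {
    command -v nc >/dev/null 2>&1 || return 2
    nc -z -w 3 "$1" "$SFTUNNEL_PORT"
}

# Print the management-network verdict and the CLI commands to run next.
preflight() {
    if same_subnet "$FMC_IP" "$FTD_IP" "$PREFIX"; then
        echo "OK: FMC $FMC_IP and FTD $FTD_IP share the /$PREFIX management segment"
    else
        echo "WARN: FMC and FTD are on different segments (untested in this lab)"
    fi
    echo "On the FTD CLI run:  configure manager add $FMC_IP <registration-key>"
    echo "Then verify with:    show managers"
}

preflight
```

Run `fmc_port_open "$FMC_IP"` from a host on the management segment to confirm the FMC is listening before registering.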
--------------------------------------------------------------------------------------
The FMC policy deployment mainly sets the IP addresses and routing information of the FTD interfaces; other policies are not tested for the time being.
Use commands such as show running-config route on the FTD to verify.
On the FMC, add a policy that exempts EIGRP, OSPF and BGP packets from Firepower intrusion inspection, deploy it and test.
Verify with "show access-list" on the FTD.
This article is from the "unintentional injury" blog, so be sure to keep this source http://arckyli.blog.51cto.com/13756/1983448
Eve-ng Cisco FirePower System