Cisco FirePower system of EVE-NG

2025-03-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

I recently built a Cisco FirePower test platform on EVE-NG. Getting this environment up took nearly a week of studying the FirePower system and its architecture. Because it runs on EVE-NG, the host must meet certain performance requirements, and you also need patience (installing FMC alone took more than 6 hours). Besides studying the official documentation, I downloaded several software versions, reinstalled N times and reworked the architecture N times before arriving at the test environment below.

Here I have to complain that the compatibility of the Cisco system is so bad that you will run into essentially every bug mentioned on the official site, and it is extremely resource hungry: with 8GB of memory and a 4-core CPU it is sluggish. In an earlier production deployment of Prime Infrastructure, the standard version of the system required 4x4 CPU, 32 gigabytes of memory and a 1T hard drive, yet it still ran extremely slowly; Cisco's web interface was also terrible.

In addition, people in this field seem very protective of their know-how. After searching the Internet for more than a week, I found very few technical documents on Cisco FirePower (apart from the official site), and what I did find were only partial introductions. There are no domestic resources at all on running Cisco FirePower on EVE-NG (apart from the official site and sites abroad, of course), so I hope you will respect the work that went into this.

The following is the architecture diagram of the experimental environment, which is relatively simple.

1). NET4 is the network card that EVE-NG bridges to the outside host; its segment is 172.16.100.0/24. This bridge connects the management interfaces (Eth0) of FMC and FTD.

2). FMC01: Cisco Firepower Management Center, used to manage FTD (Cisco Firepower Threat Defense). IP Address: 172.16.100.50/24, Gateway: 172.16.100.1

3). FTD01: Cisco Firepower Threat Defense, IP Address: 172.16.100.46/24

4). R3: Inside network. A Windows host is connected to the inside interface E0/0; the inside segment is 10.133.32.0/24.

5). R2: Outside network, simulating the public Internet. E0/0 connects to a Windows host; the public segment is 192.168.201.0/24.

Important: both FMC and FTD use e0/0 (in the virtual machine environment) as the management interface, and the basic setup can only assign the IP address of the E0/0 interface as the management IP. The FTD's initial registration with the FMC can only use the management interface, so the management interfaces of FMC and FTD must be able to reach each other. Because this is a test environment, the management interfaces of FMC and FTD are placed on the same network segment; a cross-segment environment has not been tested yet.

-

FMC installation, software version 6.2.0-362: add the FMC image to EVE-NG and start it. By default the software requires 8 GB of memory and 4 CPUs. It took nearly 5 hours for the system to boot and reach the login for the first time, so completing the installation takes patience. The installation steps follow; I reinstalled FMC a second time in order to write this documentation.

The above are the basic settings of FMC. Note that you need "sudo su -" to gain root privileges and configure-network to set the IP of the network card, and then use https://172.16.100.50 to complete the remaining settings.

Note: be sure to enable the NTP service, or FTD registration will have problems. I got stuck on this once, and FTD failed to register.

That completes the installation and basic settings of FMC.

-

FTD installation, software version 6.2.0-362: add the FTD image to EVE-NG and start it. By default the software requires 8 GB of memory and 4 CPUs. It took nearly 1 hour for the system to boot and reach the login for the first time. The installation steps follow.

After completing the above, you are prompted to set a new password, the IP address, the system hostname and the firewall mode (routed or transparent; the default is routed mode).

Since the FTD has no other settings at this point, the above completes the basic system settings. Use ssh 172.16.100.45 to log in to FMC and run show network to verify that the FMC settings are correct.

-

FTD registers with FMC. On the FTD, run the command configure manager add 172.16.100.50 cisco123: 172.16.100.50 is the FMC to register with, and cisco123 is the registration key used to verify the registration.

The basic settings for adding FTD to FMC are as follows:

Add a policy to deploy to FTD.

Click the "Register" button to complete the registration, and the FMC system will check the registered FTD.

Use "show managers" on FTD to check that registration is complete.
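As an added example (not part of the original post or of Cisco's tooling), the following Python pre-flight check codifies the management-interface rule from the "Important" note above and the registration check just described: it validates the lab's management addressing, builds the exact registration command, and parses the "show managers" output to confirm the registration state. The lab addresses and key are the post's own; the "show managers" layout is an assumption, and the sample output is constructed.

```python
import ipaddress
import re

# Lab values taken from the post's architecture (constructed config, not read from a device).
FMC_MGMT = "172.16.100.50/24"
FMC_GATEWAY = "172.16.100.1"
FTD_MGMT = "172.16.100.46/24"
REG_KEY = "cisco123"  # registration key the post uses in its lab


def check_mgmt_adjacency(fmc_cidr, gateway, ftd_cidr):
    """Return a list of problems with the FMC/FTD management addressing.

    Mirrors the post's note: initial FTD registration only works over the
    management interface, and only a same-segment layout has been tested.
    """
    fmc = ipaddress.ip_interface(fmc_cidr)
    ftd = ipaddress.ip_interface(ftd_cidr)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if fmc.network != ftd.network:
        problems.append("FMC and FTD management interfaces are on different segments (untested)")
    if fmc.ip == ftd.ip:
        problems.append("FMC and FTD share the same management IP")
    if gw not in fmc.network:
        problems.append("gateway %s is outside management segment %s" % (gw, fmc.network))
    return problems


def registration_command(fmc_cidr, reg_key):
    """Build the command typed on the FTD CLI to register with the FMC."""
    host = str(ipaddress.ip_interface(fmc_cidr).ip)
    return "configure manager add %s %s" % (host, reg_key)


def registration_state(show_managers_output):
    """Parse 'show managers' output into (host, state); line layout is assumed."""
    host = re.search(r"^\s*Host\s*:\s*(\S+)", show_managers_output, re.M)
    state = re.search(r"^\s*Registration\s*:\s*(\S+)", show_managers_output, re.M)
    if not host or not state:
        return None, "unknown"
    return host.group(1), state.group(1).lower()


# Constructed sample of what the FTD prints once registration has finished.
SAMPLE_SHOW_MANAGERS = """\
Type                      : Manager
Host                      : 172.16.100.50
Registration              : Completed
"""
```

Run check_mgmt_adjacency before registering; an empty list means the addressing matches the layout the post tested, and registration_state reports "pending" until the FMC side completes the check.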

-

FMC policy deployment: this mainly sets the FTD interface IPs, routes and similar information; other policies are not tested for the time being.

Verify on FTD with commands such as show running-config route.

Add the policy "exclude EIGRP, OSPF and BGP messages from Firepower*** checking" on FMC, deploy it and test.

Verify on FTD with "show access-list".
