This section covers installing Cisco FTD and integrating it with Cisco FMC for centralized management. We will install virtual FTD and virtual FMC by importing the OVF version of each product, then register FTD with FMC so that FTD can be managed centrally from FMC.
Cisco FTD Topology
This is the minimal topology we will implement in this course. Cisco FTD sits between the Internet and the LAN and inspects the traffic between these two zones. FMC and FTD are connected to each other through an out-of-band management network.
The management network uses the range 192.168.200.0/24: 192.168.200.100 is the IP address of FMC and 192.168.200.101 is the IP address of FTD.
What we will implement in this section is the configuration needed for FTD and FMC to reach each other through the out-of-band management network.
Cisco FTD Installation and initial Configuration
To start, I import the OVF versions of FTD and FMC into the ESXi server.
I am using version 7.0.1, which is currently the recommended release of FTD and FMC on the Cisco website.
Importing the FTD and FMC OVFs into ESXi needs no special explanation. We start with the FTD OVF.
The only point I would like to mention is that FMC has only one network adapter, which is used for management and is connected to the out-of-band management network.
FTD, on the other hand, has several network adapters. The first adapter is the management interface, so it is connected to the out-of-band management network. The second adapter is the optional diagnostic interface; it can be used for SNMP and syslog monitoring but cannot carry data traffic. From the third adapter onward, starting with GigabitEthernet0/0, the adapters are used for data traffic.
When the FTD OVF has fully booted, the first prompt asks for a username and password. The default username and password for both FTD and FMC are admin/Admin123.
Then the license agreement must be accepted.
Then a new password must be configured. The default password should never be left in place, because the management interface is reachable from the whole management network.
Then the IP address, subnet mask, gateway address, hostname of FTD, list of DNS servers and domain name must be configured.
Manage the device locally? Set this to “no”, which means the device will be managed by the central FMC server instead of through its local web interface.
Configure firewall mode? We will discuss the difference between transparent and routed mode in a separate video. For now we start with routed mode, which means FTD is a Layer 3 hop in our routing infrastructure and takes part in our routing topology.
With the “show firewall” command, you can check whether the firewall is in transparent or routed mode.
With the “show managers” command, we can check whether FTD is registered to any FMC. At first, of course, no FMC is configured.
With “configure manager add 192.168.200.100 rayka”, we point FTD at the FMC manager. Later we also have to add FTD on the FMC side. “rayka” is the registration key that secures the initial connection: FMC must be given exactly the same key when the device is added, and any host presenting the wrong key is rejected. For production, use a long random key rather than a word.
Running “show managers” again shows the status of the FTD-to-FMC connection. The state stays “pending” until we also add FTD in FMC.
Cisco FMC installation and initial Configuration
Now we configure FMC, starting by importing the FMC OVF.
When the FMC OVF has fully booted, the first prompt again asks for a username and password; the default credentials for FMC are the same as for FTD, admin/Admin123.
Then the license agreement must be accepted.
Then a new password must be configured.
Then the hostname of FMC, IP address, subnet mask, gateway address, list of DNS servers and list of NTP servers must be configured.
Then we can connect to FMC through the web interface with the username and password we have just configured.
On the first page, we enable the 90-day evaluation license.
Then we need to add FTD in FMC. When we add FTD, we need to enter the same registration key we used on the FTD CLI and select some other options in addition to FTD’s IP address.
Which default access control policy do we want for FTD? Block everything, permit everything and only prevent intrusions, or only discover network traffic?
I will choose the second option. That means everything is permitted except traffic that triggers intrusion rules, until I start configuring the firewall myself.
We also have the option to enable other licenses, including Malware, Threat (IPS) and URL Filtering. We will cover the different FTD licenses in a separate video.
Now you can save these settings to register FTD in FMC.
Once FTD has been added in FMC, we can verify on the FTD side with “show managers” that both sides are connected to each other correctly.
> show managers
Type : Manager
Host : 192.168.200.100
Registration : Completed
>
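The registration above has two halves that must agree on one shared key: the “configure manager add” line on FTD and the device record on FMC. The following Python script is an added example, not part of the original tutorial or of Cisco's own tooling. It generates a random registration key, builds the FTD CLI line and the matching FMC device record, and parses “show managers” output so a script can tell “Completed” from “pending” instead of a person eyeballing the CLI. The IP addresses come from the tutorial's topology; the REST body shape (devices/devicerecords with name, hostName, regKey, license_caps and accessPolicy) is assumed from the FMC REST API and should be checked against your FMC's API Explorer before use; the sample outputs are constructed, the first one mirroring the tutorial's final output.

```python
"""Added example (not part of the original tutorial): build both halves of the
FTD<->FMC registration from one shared key and verify the result by parsing
`show managers` output. Host addresses come from the tutorial's topology; the
FMC REST body shape is assumed from the FMC REST API (devices/devicerecords)
and should be checked against your FMC's API Explorer before use."""
from __future__ import annotations

import json
import re
import secrets
from typing import Dict, List, Optional

FMC_HOST = "192.168.200.100"  # FMC management IP from the topology
FTD_HOST = "192.168.200.101"  # FTD management IP from the topology


def make_registration_key(nbytes: int = 16) -> str:
    """Random one-time registration key. Both sides must present the same key,
    so a random value is preferable to a dictionary word such as 'rayka'."""
    return secrets.token_hex(nbytes)


def ftd_manager_command(fmc_host: str, reg_key: str, nat_id: Optional[str] = None) -> str:
    """FTD CLI line used in the tutorial: configure manager add <fmc> <key> [nat-id].
    The NAT ID is only needed when NAT sits between FTD and FMC."""
    cmd = f"configure manager add {fmc_host} {reg_key}"
    return f"{cmd} {nat_id}" if nat_id else cmd


def fmc_device_record(name: str, ftd_host: str, reg_key: str,
                      access_policy_id: str, licenses=("BASE",)) -> Dict:
    """JSON body for POST /api/fmc_config/v1/domain/<uuid>/devices/devicerecords
    (assumed field names). access_policy_id is the UUID of an existing access
    control policy, e.g. the 'permit everything and prevent intrusions' one."""
    return {
        "name": name,
        "hostName": ftd_host,
        "regKey": reg_key,          # must equal the key given on the FTD CLI
        "type": "Device",
        "license_caps": list(licenses),
        "accessPolicy": {"id": access_policy_id, "type": "AccessPolicy"},
    }


_KV = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")


def parse_show_managers(output: str) -> List[Dict[str, str]]:
    """Turn `show managers` text into one dict per manager entry. Each entry is
    a run of 'Key : Value' lines starting with 'Type'; the '>' prompt and the
    echoed command line are ignored."""
    managers: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith(">"):   # prompt or echoed command
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Type" and current:          # a new manager entry begins
            managers.append(current)
            current = {}
        current[key] = value
    if current:
        managers.append(current)
    return managers


def registration_ok(output: str, expected_fmc: str) -> bool:
    """True only if the expected FMC is listed with Registration 'Completed'.
    'pending' (FTD side done, device not yet added on FMC) is not ok."""
    return any(
        m.get("Host") == expected_fmc and m.get("Registration", "").lower() == "completed"
        for m in parse_show_managers(output)
    )


# Constructed sample outputs: the first mirrors the tutorial's final output,
# the second is what you see before the device has been added on FMC.
COMPLETED_OUTPUT = """> show managers
Type : Manager
Host : 192.168.200.100
Registration : Completed
>
"""
PENDING_OUTPUT = """> show managers
Type : Manager
Host : 192.168.200.100
Registration : pending
>
"""

if __name__ == "__main__":
    key = make_registration_key()
    print("FTD side :", ftd_manager_command(FMC_HOST, key))
    record = fmc_device_record("ftd-1", FTD_HOST, key, "<access-policy-uuid>", ("BASE", "THREAT"))
    print("FMC side :", json.dumps(record))
    print("completed:", registration_ok(COMPLETED_OUTPUT, FMC_HOST))
    print("pending  :", registration_ok(PENDING_OUTPUT, FMC_HOST))
```

The check deliberately requires the Host to match the FMC you expect, not just any “Completed” entry: an FTD that is registered to a different manager is as much a finding as one that is still pending.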