Monday, December 28, 2020

Running Cisco FMC + FTD Initially on EVE-NG

Well, I am going to share my experience of an initial FMC + FTD lab setup. You will need an EVE-NG server with a lot of RAM, otherwise it won't work.

32 GB RAM For FMC
8 GB RAM per FTD

It takes a long time to come up even with the above amount of RAM, perhaps more than 30 minutes!

Also remember to run FMC and FTD on the same version.
ex:- If FMC is 6.2.0, the FTD must also be 6.2.0

I used version 6.2.0; 6.3.0 was not working for me.
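A pre-flight check for the two constraints above (FMC and FTD on exactly the same version, and 32 GB of RAM for FMC plus 8 GB per FTD) is added here as an example; it is not from the post and not Cisco or EVE-NG tooling. The node names, the sample versions and the host RAM figure are constructed.

```python
from dataclasses import dataclass

# Figures from the post: 32 GB of RAM for the FMC node, 8 GB for each FTD node.
FMC_RAM_GB = 32
FTD_RAM_GB = 8


@dataclass
class Node:
    name: str      # EVE-NG node label (constructed sample values below)
    role: str      # "fmc" or "ftd"
    version: str   # e.g. "6.2.0"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '6.2.0' into (6, 2, 0) so '6.10.0' is not mistaken for '6.1.0'."""
    return tuple(int(part) for part in version.strip().split("."))


def ram_plan(nodes: list[Node]) -> dict[str, int]:
    """RAM to assign to each node in its EVE-NG node settings, in GB."""
    return {n.name: FMC_RAM_GB if n.role == "fmc" else FTD_RAM_GB for n in nodes}


def check_lab(nodes: list[Node], host_ram_gb: int) -> list[str]:
    """Return the problems with a lab plan; an empty list means it should boot."""
    problems: list[str] = []
    fmcs = [n for n in nodes if n.role == "fmc"]
    if len(fmcs) != 1:
        return [f"expected exactly one FMC node, found {len(fmcs)}"]
    fmc = fmcs[0]
    # Rule from the post: every FTD must run exactly the FMC's version.
    for ftd in (n for n in nodes if n.role == "ftd"):
        if parse_version(ftd.version) != parse_version(fmc.version):
            problems.append(f"{ftd.name} runs {ftd.version} but FMC runs {fmc.version}")
    # RAM budget: the EVE-NG host must hold all nodes at the post's sizes.
    needed = sum(ram_plan(nodes).values())
    if needed > host_ram_gb:
        problems.append(f"lab needs {needed} GB RAM but host has {host_ram_gb} GB")
    return problems


# Constructed sample lab: one FMC and two FTDs, one of them on the wrong release.
SAMPLE_LAB = [
    Node("FMC", "fmc", "6.2.0"),
    Node("FTD-1", "ftd", "6.2.0"),
    Node("FTD-2", "ftd", "6.3.0"),
]

if __name__ == "__main__":
    for problem in check_lab(SAMPLE_LAB, host_ram_gb=40):
        print("PROBLEM:", problem)
```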
For both FMC and FTD, the default credentials are as follows:

username: admin
password: Admin123

If FMC or FTD seems to be booted up but keeps rejecting the credentials, just give it some time and try again; it must still be booting. If it is not connecting and shows a database connection error or similar, reboot it and hit Enter when the red screen appears.

First, let's look at FMC.

After you enter the default login credentials, just enter the following command and you will go through the initial setup wizard:
sudo configure-network

As you can see, the Management IP address for FMC is 10.1.3.10
This is the IP I use to log in to FMC and also to register FTDs.

After the above is configured, you can access it through a web browser. It will take you through a configuration verification page the first time you log in, where you will set the new password.

Now it's time to register it in evaluation mode.

Go to System > Licenses > Smart Licenses and click on evaluation mode.
This gives you 90 days of full features.

Now to the FTD.

After you enter the default credentials you will be asked to accept the EULA (End User License Agreement), then it will ask you to change the default password to something new, and then the wizard will come up.


You can verify the configuration afterwards with the following command:
>show network

Now let's try adding the FTD to FMC.

Just add the FMC address on the FTD with the following command:
>configure manager add 10.1.3.10 cisco123

cisco123 was the registration key.

Now you can verify the FMC address with the following command:
>show managers

Now in the FMC GUI,

Go to Devices > Device Management > +Add Device

You will need to create an Access Policy, because the FTD must have one before it can be added.

Just click on the drop-down and create a new one with the Network Discovery action, like the following:

If it is successfully added, you will see it like the following:

Notes:-

You will notice on the FTD that you cannot ping anywhere from it.

There is no route to anywhere, and no IP address is shown on the Management interface.

This is because you are at the ASA engine. To go to the Firepower engine, enter the following command:
>expert

Now you can see the gateway you gave at the beginning, and you should be able to ping FMC from here. Remember this is a Linux shell.
By the way, there is a command in Converged CLISH mode to ping the FMC:
ping system 10.1.3.10

If you ever need to change the IP address of the FMC, you can do it with the following CLI command from expert mode:
sudo /usr/local/sf/bin/configure-network

1 comment:

  1. How can we get FMC 6.2.0 & FTD 6.2.0 also?