06. FTD Configuration Using FDM

The document outlines the configuration process for a Firepower Threat Defense (FTD) device using the Firepower Device Manager (FDM). It includes steps for logging in, configuring network settings, managing interfaces, and deploying changes. Additionally, it provides testing and verification instructions to ensure proper connectivity and functionality of the device.

Uploaded by

Qamar Mohammad

FTD Configuration Using FDM:

Log in to the device with the default credentials: the username is admin and the password is Admin123. Once
logged in, you can configure the device.

o Press any key until prompted “Please enter “YES” or press <ENTER> to AGREE to the EULA:”
o Enter a new password
o Do you want to configure IPv4? (y/n): y
o Do you want to configure IPv6? (y/n): n
o Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
o Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.114.100
o Enter the IPv4 default gateway for the management interface [192.168.45.1]: 192.168.114.2
o Enter a fully qualified hostname for this system [firepower]: FTD
o Enter a comma-separated list of DNS servers or “none” [208.67.222.222,208.67.220.200]:
o Enter a comma-separated list of search domains or “none” []: lab.local

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


When prompted “Manage the device locally? (yes/no) [yes]:”, select yes.

Run the command show network to display the configuration of the management interface.

Once the setup has completed, run the command ping system <default gateway ip> to test
connectivity. If the gateway responds, you can log in to the GUI.

Open a browser and connect over HTTPS to the IP address you configured to manage the FTD; this opens
the FDM (On-Box) manager: https://192.168.114.100. Accept any certificate errors presented by
the web browser (the device presents a self-signed certificate by default).

Enter the username admin and the password you set previously.

The Device Setup wizard will be displayed. By default, the GigabitEthernet0/0 interface is configured
as the OUTSIDE interface with DHCP enabled, and the GigabitEthernet0/1 interface is
configured as the INSIDE interface with a static IP address of 192.168.45.1.

o Scroll down to the Management Interface section.


o Configure DNS Servers if required (by default OpenDNS/Umbrella DNS Servers defined).
o Change the Firewall Hostname if required.
o Click Next

Amend the Time Settings (Network Time Protocol, NTP) if required.

o Click Next
o Select Start 90-day evaluation period without registration.
o Click Finish

o When prompted click Configure Interfaces.

o Edit the configuration of the GigabitEthernet0/1 interface to change the IP address to
match your internal network; in our case, change it to 192.168.1.100.

o Change the IP Address and the Subnet Mask as required.
o Click Edit/Delete in order to Edit or Delete the DHCP server address pool.
o Click OK once complete.

From the top menu, select Policies. The default Access Control policy trusts all outbound traffic
and blocks all inbound traffic, so there is no need to change or edit anything.

o Click NAT
o A default NAT rule should already be in place, translating traffic from the “any-ipv4” address on
the INSIDE network behind the OUTSIDE interface.

o Click the Device: <DEVICE NAME> from the top menu.


o Click Routing
o Click Create Static Route
o Select IPv4
o Click the Gateway drop-down list, then select Create New Network
o Create a new object
o Click OK

Configuration is now complete, and the changes can be deployed to the device.
o Click the deploy icon on the top menu

o Click Deploy Now

Deployment can take anywhere from 20 seconds to a couple of minutes depending on the
number of changes.

Testing/Verification:

First, assign an IP address to the internal LAN test PC: in this case 192.168.1.1, subnet mask
255.255.255.0, gateway 192.168.1.100 (our FTD firewall), and DNS 8.8.8.8 and 1.1.1.1. Click Save
Configuration, then Yes to save the changes.

From a computer on the local network, browse the internet to generate traffic; this should
succeed.

Enter the command show route to confirm the presence of the static routes.

Enter the command show nat detail. Outbound internet traffic should hit the default NAT rule.

Enter the command show conn detail; this lists all active connections on the FTD.
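
The show nat detail check above can be scripted so that a missing rule and a rule with zero hits are told apart. The following Python is an added example, not part of the original document: the sample output is constructed in the ASA/FTD CLI layout, and the function names and the lowercase interface names inside/outside are assumptions.

```python
import re

# Constructed sample of "show nat detail" output (not captured from a device);
# the section number, counters and translated address are made up.
SAMPLE = """\
Manual NAT Policies (Section 3)
1 (inside) to (outside) source dynamic any-ipv4 interface
    translate_hits = 37, untranslate_hits = 2
    Source - Origin: 0.0.0.0/0, Translated: 203.0.113.10/24
"""

SECTION = re.compile(r"NAT Policies.*\(Section (\d+)\)")
RULE = re.compile(r"^(\d+) \((\S+)\) to \((\S+)\) source (\w+) (\S+) (\S+)")
HITS = re.compile(r"translate_hits = (\d+), untranslate_hits = (\d+)")


def parse_nat_detail(text):
    """Return one dict per NAT rule with its interfaces, objects and counters."""
    rules, section = [], None
    for line in text.splitlines():
        if m := SECTION.search(line):
            section = int(m.group(1))
        elif m := RULE.match(line):
            rules.append({"section": section, "index": int(m.group(1)),
                          "real_if": m.group(2).lower(),
                          "mapped_if": m.group(3).lower(),
                          "type": m.group(4), "source": m.group(5),
                          "mapped": m.group(6),
                          "translate_hits": None, "untranslate_hits": None})
        elif (m := HITS.search(line)) and rules:
            # Counter line belongs to the most recently seen rule.
            rules[-1]["translate_hits"] = int(m.group(1))
            rules[-1]["untranslate_hits"] = int(m.group(2))
    return rules


def default_pat_status(text, inside="inside", outside="outside"):
    """Classify the default dynamic PAT rule: 'missing', 'no-hits' or 'ok'."""
    wanted = (inside, outside, "dynamic", "any-ipv4", "interface")
    for r in parse_nat_detail(text):
        key = (r["real_if"], r["mapped_if"], r["type"], r["source"], r["mapped"])
        if key == wanted:
            # Zero or absent counters mean no outbound flow matched this rule.
            return "ok" if r["translate_hits"] else "no-hits"
    return "missing"


if __name__ == "__main__":
    print(default_pat_status(SAMPLE))
```

A result of no-hits after browsing from the test PC means the traffic either never reached the FTD or matched a different NAT rule first.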
