Cisco Firepower Threat Defense. Part 1: Migration

The Firepower Threat Defense (FTD) image provides next-generation firewall services: stateful firewalling, routing, Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP). Threat Defense combines all the features of the FirePOWER Services software for ASA with the ASA firewall functionality, under a single management interface. What else could you ask for?

Components:

Cisco Firepower Threat Defense Software-6.0.1

Migration is very simple and straightforward. Make sure to use the management interface for network connectivity. Download the boot and OS images from Cisco. A TFTP server is also required.

Boot ASA to rommon and assign IP/Subnet/Server/Image to boot from.

rommon 1 > ADDRESS=10.50.10.2
rommon 2 > SERVER=10.50.10.3
rommon 3 > GATEWAY=10.50.10.1
rommon 4 > NETMASK=255.255.255.0
rommon 5 > IMAGE=ftd-boot-9.6.1.0.lfbff
rommon 6 > tftpdnld
             ADDRESS: 10.50.10.2
             NETMASK: 255.255.255.0
             GATEWAY: 10.50.10.1
             SERVER: 10.50.10.3
             IMAGE: ftd-boot-9.6.1.0.lfbff
            VERBOSITY: Progress
               RETRY: 40
          PKTTIMEOUT: 7200
             BLKSIZE: 1460
            CHECKSUM: Yes
                PORT: GbE/1
             PHYMODE: Auto Detect

Receiving ftd-boot-9.6.1.0.lfbff from 10.50.10.131!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<snip>
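The rommon loader has no routing table, so the usual way this step fails is a typo in the five variables (a gateway outside the subnet, an address that is the network or broadcast address) or a boot image that was never copied into the TFTP root. The following pre-flight check is an added example, not code from the original post or from Cisco: it validates the rommon network parameters with the standard library, checks that the image is present in an assumed TFTP root and matches an expected SHA512 (the hash value here is a placeholder; use the one Cisco publishes for the file you downloaded), and renders the exact `rommon N >` lines shown above.

```python
import hashlib
import ipaddress
from pathlib import Path

# Variable names the ASA rommon tftpdnld loader reads, in the order the post sets them.
ROMMON_KEYS = ("ADDRESS", "SERVER", "GATEWAY", "NETMASK", "IMAGE")


def validate_rommon_params(address, netmask, gateway, server):
    """Return a list of problems with the rommon network settings (empty when OK).

    rommon reaches the TFTP server directly when it is on the ADDRESS subnet,
    otherwise through GATEWAY, so GATEWAY must sit inside that subnet.
    """
    problems = []
    try:
        # ipaddress accepts a dotted netmask in place of a prefix length.
        iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
        srv = ipaddress.IPv4Address(server)
    except ValueError as exc:
        return [f"malformed parameter: {exc}"]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"ADDRESS {iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"GATEWAY {gw} is not inside {net}")
    if gw == iface.ip:
        problems.append("GATEWAY must not equal ADDRESS")
    if srv == iface.ip:
        problems.append("SERVER must not equal ADDRESS")
    return problems


def verify_image(tftp_root, image, expected_sha512):
    """Confirm the boot image is in the TFTP root and its SHA512 matches the published hash.

    Returns (ok, message). A mismatch means a corrupt or tampered download, so
    the file must not be served to the ASA.
    """
    path = Path(tftp_root) / image
    if not path.is_file():
        return False, f"{image} not found in {tftp_root}"
    digest = hashlib.sha512(path.read_bytes()).hexdigest()
    if digest.lower() != expected_sha512.lower():
        return False, f"SHA512 mismatch for {image}: got {digest[:16]}..."
    return True, "image OK"


def rommon_script(address, server, gateway, netmask, image):
    """Render the variable assignments followed by tftpdnld, one line per rommon prompt."""
    values = {"ADDRESS": address, "SERVER": server, "GATEWAY": gateway,
              "NETMASK": netmask, "IMAGE": image}
    lines = [f"{key}={values[key]}" for key in ROMMON_KEYS]
    lines.append("tftpdnld")
    return lines


if __name__ == "__main__":
    # Values from the post; the TFTP root and hash are assumptions for this example.
    params = {"address": "10.50.10.2", "netmask": "255.255.255.0",
              "gateway": "10.50.10.1", "server": "10.50.10.3"}
    image = "ftd-boot-9.6.1.0.lfbff"
    placeholder_sha512 = "<SHA512 published by Cisco for this file>"

    for problem in validate_rommon_params(**params):
        print("PARAM ERROR:", problem)
    ok, msg = verify_image("/srv/tftp", image, placeholder_sha512)
    print("IMAGE CHECK:", msg)
    for n, line in enumerate(rommon_script(params["address"], params["server"],
                                           params["gateway"], params["netmask"], image), 1):
        print(f"rommon {n} > {line}")
```

Run it on the TFTP host before booting the ASA into rommon; an empty parameter list plus "image OK" means the values can be typed in exactly as printed.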

When the download finishes, the ASA drops you into the FTD boot shell, where you start with the familiar setup command.

            Cisco FTD Boot 6.0.0 (9.6.1.)
              Type ? for list of commands
test-boot>setup

After the network connectivity setup is complete, install the new OS image. Partway through the installation you will be asked to confirm before it proceeds; if no confirmation is given, the install aborts. The noconfirm option bypasses this prompt.

test-boot>system install noconfirm ftp://************/ftd-6.0.1-1213.pkg

######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################

Do you want to continue? [y/N] y
Erasing disk0 …

<snip>

Once done, log in, accept the EULA and configure the network settings.

Cisco ASA5506-X Threat Defense v6.0.1 (build 1213)
firepower login: admin

Password:
You must accept the EULA to continue.
Press <ENTER> to display the EULA:

System initialization in progress.  Please stand by.  

You must change the password for ‘admin’ to continue.
Enter new password:
Confirm new password:
You must configure the network to continue.

<snip>

Next, select firewall configuration mode and complete setup.

Configure firewall mode? (routed/transparent) [routed]:
Configuring firewall mode …

At this point we have a blank FTD sensor, and to proceed further we need to join it to the Firepower Management Center (FMC).

In Part 2 I’ll go over management, smart licenses, and firewall command line interface access.
