
Network Security

POV Workshop

GSSO Channel Engineering


Agenda
• POV Lifecycle
• Deployment Options
• Pre-Stage
• Install FTD Image
• Connect FTD to FMC
• FMC Configuration
• Config Push to FTD
• Risk Reports
• Sanitize

© 2017 Cisco and/or its affiliates. All rights reserved. 2


POV Lifecycle



Partner Executed POV
Well-established process to ensure success and drive partner profitability. The Fire Jumper program builds
competence with Cisco solutions and prepares partner SEs for POVs. Individual and partner incentives and
promotions help to migrate Cisco and competitive installed base.

Training & Enablement | Incentives & Promotions | POV Delivery | Partner Profitability

Fire Jumper trained partner SEs engage with customers and lead POVs

1. Well defined POV program with established Win Criteria
2. Best Practices Guides for repeatable processes and increased Win Rate
3. Engagement with Channel and Direct teams for opportunities

POV Methodology

Find Opportunity

• Installed customer base
• Competitive take-outs
• Demand generation activities
• Call campaigns
• Account mapping

POV Methodology

Find Opportunity > Presentation & Demo

• dCloud for demo delivery
  https://dcloud.cisco.com
• Prepare for demos through Fire Jumper Program
  https://community.cisco.com/t5/security-documents/overview-fire-jumper-academy-for-cybersecurity-systems-engineers/ta-p/3657706
• Partner Help for delivery of customer facing presentations and demos
  www.cisco.com/go/ph

POV Methodology

Find Opportunity > Presentation & Demo > Proof of Value

• Win Criteria defined up-front to limit scope of POV
• Data Collection Worksheet to properly prepare solution configuration
• On-site delivery leveraging dCloud where available
• If hardware required, please contact your Cisco Security AM
• Customer facing meeting to deliver reports focused on Cisco differentiating value

Deployment Options
Proof of Value



On-Site POV Process

• Software Download
• Software Installation
• Licensing
• Initial Configuration
• Customer Report Generation
• Device Sanitization

POV Portal: https://community.cisco.com/t5/security-documents/product-proof-of-value-pov/ta-p/3633986

On-Site Sensor with On-Site FMC
• Build VMware ESXi server
• Download and install FMC VM
• Add Licenses to FMC
• Update FTD Software
• Place FTD on span or tap port
• Link FTD with FMC
• Configure Policies:
  • System
  • Health
  • Intrusion
  • File
  • Access Control
• Perform POV
• Generate Risk Reports
• Sanitize (FTD, FMC)

[Diagram labels: Internet, Firewall, Switch, span / tap, FTD, Users, Active Directory, LAN, VMware ESXi, FMC, Risk Reports]

On-Site Sensor with On-Site FMC
• For FTD setup via FMC, the configuration guide can be found here:
  https://www.cisco.com/c/en/us/support/security/firepower-ngfw/products-installation-and-configuration-guides-list.html
• FMC can be set up in a virtual environment (shown here) or as a physical appliance

On-Site Sensor with On-Box FDM
• For FTD setup via the FDM, the configuration guide can be found here:
  https://www.cisco.com/c/en/us/support/security/firepower-ngfw/products-installation-and-configuration-guides-list.html
• Risk Reports are not available through FDM
• FDM is not currently supported on the Firepower 4100/9300 Appliances

[Diagram labels: Internet, Firewall, Switch, span / tap, FTD, FDM, Users, Active Directory, LAN, Risk Reports]

On-Site Sensor with dCloud FMC (recommended)
• Schedule dCloud Session
• Download and install FMC VM
• Add Licenses to FMC
• Update FTD Software
• Place FTD on span or tap port
• Link FTD with FMC (TCP 8443)
• Configure Policies:
  • System
  • Health
  • Intrusion
  • File
  • Access Control
• Perform POV
• Generate Risk Reports
• Sanitize (FTD, FMC)

[Diagram labels: Internet, dCloud, FMC, Firewall, TCP 8443, Switch, span / tap, FTD, Users, Active Directory, LAN, Risk Reports]

On-Site Sensor with dCloud FMC (recommended)
• Pre-configured & pre-licensed Manager
• Reduced on-site deployment
• Ensures consistency and saves time
• Eligible for active Cisco incentives

On-Site Virtual Sensor with FMC or FDM
• For FTDv setup, the FMC and FDM configuration guides can be found here:
  https://www.cisco.com/c/en/us/support/security/firepower-ngfw-virtual/products-installation-guides-list.html
• Options for on-site or dCloud management still apply

[Diagram labels: Internet, Firewall, Switch, span / tap, FTDv, VMware ESXi, Users, Active Directory, LAN]

On-Site Sensor with dCloud FMC (recommended)
• The remainder of this guide will use the on-site sensor with dCloud FMC option and Firepower 2K Appliance for the POV workshop
• If the FTD device to be deployed for the POV is an ASA appliance, please use the lab guide found in the FMC POV dCloud lab for configuration details

Deployment Options Summary
• There are many different options for a POV deployment
• Choose one that is the most suitable for the customer environment
• If possible, utilize the pre-configured dCloud FMC for ease of deployment

Pre-Stage
Proof of Value



dCloud Features / Access
Setting up a dCloud POV Session

• Browse to https://dcloud.cisco.com
• Select Login
• Log in with CCO ID
• Select Catalog from the toolbar
• Search for Firepower POV
• Select Schedule for desired POV demo
• Enter POV timeframe and click Next
• Enter relevant information and click Schedule
dCloud POV Duration

• Initial dCloud Schedule limits users to 5-day demos
• dCloud will authorize 30-day extension for all POVs
• Extensions beyond 30-days are handled on a case by case basis and require additional customer opportunity information
• Risk reports are based on 5-days of customer traffic and additional time should only be used as required to troubleshoot receiving network traffic or other items

Data Collection Worksheet

• It is important to fill out the Data Collection Worksheet in the FTD POV Best Practices guide located here:
  https://community.cisco.com/t5/security-documents/product-proof-of-value-pov/ta-p/3633986
• The relevant customer information required to complete the document will make the pre-staging of the FTD sensor a seamless process

Download FTD Software (FPR2110 Example)
• Go to: https://software.cisco.com/download/home
• Navigate to Downloads Home > Products > Security > Firewalls > Next-Generation Firewalls (NGFW) > Firepower 2100 Series > Firepower 2110 Security Appliance > Firepower Threat Defense Software
• Select the following and download the version listed below or later:
  • Firepower 2100 Series Install Package v6.4.0 (cisco-ftd-fp2k.6.4.0-102.SPA)

Capture Relevant FMC Information

• The My Hub tab will reflect scheduled sessions

• Select View for the FMC Proof of Value Lab

• Select Details
• Note the Owner and Session ID

• Scroll down and note the Public Address


Preparation Summary

• Schedule the dCloud FMC instance for the POV

• Complete the Data Collection Worksheet

• Download FTD software

• Capture the relevant FMC information from the dCloud FMC


Install FTD Image
Proof of Value



Install & Configure FTD
• FXOS CLI can be directly accessed through the console port

• If connecting via SSH to the Management 1/1 interface, use the connect fxos command to
access the FXOS CLI

• Then use the scope firmware command to enter firmware mode

• Use the download image command with the protocol of your choice to transfer the FTD
package file previously downloaded onto the Firepower 2110 appliance
• Supported methods include FTP, TFTP, SFTP, SCP and USB
Install & Configure FTD
• Check the status of the download using the show download status command

• Use the auto install and install security-pack commands with the exact version of the
package file that was downloaded to install it
Install & Configure FTD
• A warning that the system will be re-imaged appears and asks for confirmation

• After confirmation, the status can be monitored using the show command before the system
automatically reboots
Install & Configure FTD
• Within 15-30 minutes, FXOS and FTD will be accessible

• In FXOS, use the connect ftd command, which will launch the EULA and initial configuration for FTD
• Note that you may have to wait a few additional minutes for FTD to finish starting up to use this command

• After accepting the EULA, the initial configuration will launch


• Reference the Data Collection Worksheet document previously completed
Install & Configure FTD
• Confirmation of the initial configuration parameters will appear

• Enter no when asked whether the device is to be managed locally, because this scenario uses the FMC in dCloud
instead of the local FDM
• It is possible to change this setting after the initial configuration is complete
• If local management is chosen, the device will be configured in routed mode
Install FTD Summary

• Download the FTD software onto the FTD device

• Install the software package

• Accept the EULA

• Apply the initial configuration to the device


Connect FTD to FMC
Proof of Value



Install & Configure FTD
• Return to the FTD CLI

• Change the management port to 8443 via configure network command (only for dCloud FMC)

• Verify the port has successfully changed to 8443 using the show network command
Install & Configure FTD
• Use the configure manager add command to have FTD connect to FMC

• FMC IP is the Public Address provided from the dCloud session details

• The registration key and nat-id used in this example are C1sco12345 and 12345

• Any registration key and unique nat-id may be used so long as it is noted since it will also be
needed when configuring the FMC

• The nat-id is used for scenarios in which one of either the FMC or FTD is behind a PAT network
device and therefore cannot be reached via a 1:1 or static IP assignment
Access the FMC
• Browse to the FMC using https to the Public Address from dCloud session details

• Login using Owner for the FMC username and Session ID for the password
Smart Licenses
• Navigate to System > Licenses > Smart Licenses

• Ensure that the 90-day no-cost evaluation licenses are active


Connect FTD to FMC
• Navigate to Devices > Device Management

• Select Add > Add Device

• Provision the following parameters:


• Use ‘DONTRESOLVE’ for Host and
• Registration Key of ‘C1sco12345’
• Select ‘Cisco POV Access Control Policy’ for policy
• Check the Malware, Threat, and URL Filtering Licenses
• Enter ‘12345’ for the Unique NAT ID
• Check ‘Transfer Packets’

• Click Register
Connect FTD to FMC
• The FMC will look for the FTD device

• The device will then appear in FMC


Troubleshooting
• Use show managers from FTD CLI to confirm FMC IP address and status

• If ‘Registration’ shows as Pending, the connection is not complete

• Ensure registration key and unique NAT-ID match with FMC

• If all goes well, Registration status will show as Completed
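
The pairing described on the Connect FTD to FMC and Troubleshooting slides, as an added example that is not part of the original deck or of Cisco's tooling: it generates a per-engagement registration key and NAT ID, renders the FTD command and the FMC Add Device values from the same pair, and reports mismatches before registration is attempted. The address 198.51.100.20, the function names and the character and length limit are assumptions.

```python
import re
import secrets
import string

# Assumption: key and NAT ID use letters, digits and hyphen, at most 37 chars.
_ALLOWED = re.compile(r"^[A-Za-z0-9-]{1,37}$")
SLIDE_EXAMPLES = {"C1sco12345", "12345"}  # example values printed in this deck


def new_secret(length=24):
    """Random alphanumeric value for a registration key or NAT ID."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def ftd_command(fmc_address, reg_key, nat_id):
    """Line typed at the FTD CLI; fmc_address is the dCloud Public Address."""
    return f"configure manager add {fmc_address} {reg_key} {nat_id}"


def fmc_fields(reg_key, nat_id):
    """Values for the FMC Add Device dialog, as listed on the slide."""
    return {"Host": "DONTRESOLVE", "Registration Key": reg_key,
            "Unique NAT ID": nat_id}


def check_pair(command, fields):
    """Report mismatches (which leave Registration at Pending), malformed
    values, and reuse of the deck's published example values."""
    parts = command.split()
    if parts[:3] != ["configure", "manager", "add"] or len(parts) != 6:
        return ["FTD command is not 'configure manager add <host> <key> <nat-id>'"]
    _, key, nat = parts[3:]
    pairs = (("registration key", key, fields["Registration Key"]),
             ("NAT ID", nat, fields["Unique NAT ID"]))
    problems = []
    for label, ftd_value, fmc_value in pairs:
        if ftd_value != fmc_value:
            problems.append(f"{label} differs between FTD and FMC")
        if not _ALLOWED.match(ftd_value):
            problems.append(f"{label} has unsupported characters or length")
        if ftd_value in SLIDE_EXAMPLES:
            problems.append(f"{label} is the published example value")
    return problems


if __name__ == "__main__":
    key, nat = new_secret(), new_secret(12)
    cmd = ftd_command("198.51.100.20", key, nat)  # constructed address
    print(cmd)
    print(fmc_fields(key, nat))
    print(check_pair(cmd, fmc_fields(key, nat)) or "pair is consistent")
```

Record the generated pair in the Data Collection Worksheet so the same values are entered on both sides.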


Connecting FTD to FMC Summary

• Configure the FTD device to connect to FMC

• Configure FMC to look for the FTD device

• Verify the connection is made in both FMC and FTD

• Use troubleshooting commands if needed


FMC Configuration
Proof of Value



Object Management: HOME_NET Variable
• Browse to Objects > Object Management
• Select Variable Set on the left hand side
• Select to edit the Default-Set
Object Management: HOME_NET Variable

• Select next to HOME_NET to edit the variable
Object Management: HOME_NET Variable
• Click to create a new Network Object
Object Management: HOME_NET Variable
• Enter a Name (e.g. HOME_NET)

• Enter a Description (e.g. Customer Environment)

• Select a Network type (e.g. Network segment, IP range, Host, etc)


• In this case, an entire network segment from the customer environment is specified

• Click Save
Object Management: HOME_NET Variable
• Include the new network object in the HOME_NET variable
• Click Save, then Save, then Yes
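
Preparing the HOME_NET network objects from the Data Collection Worksheet, as an added example that is not part of the original deck: it accepts the three entry kinds named above (network segment, IP range, host), normalizes them to non-overlapping CIDR blocks, and notes entries that need review before they are entered in FMC. The sample entries and function names are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

# The three RFC 1918 blocks covered by the default IPv4-Private-All-RFC1918 rule.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_entry(entry):
    """Turn one worksheet entry (segment, IP range or host) into IPv4 networks."""
    entry = entry.strip()
    if "-" in entry:  # IP range such as 10.21.0.10-10.21.0.13
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False accepts 172.16.5.9/24 and normalises it to 172.16.5.0/24
    return [ipaddress.IPv4Network(entry, strict=False)]


def plan_home_net(entries):
    """Return (networks, notes): collapsed CIDRs to enter, plus review notes."""
    networks, notes = [], []
    for entry in entries:
        try:
            parsed = parse_entry(entry)
        except ValueError:
            notes.append(f"{entry}: rejected, not a segment, range or host")
            continue
        if "/" in entry and str(parsed[0]) != entry.strip():
            notes.append(f"{entry}: host bits set, using {parsed[0]}")
        for net in parsed:
            if not any(net.subnet_of(block) for block in RFC1918):
                notes.append(f"{net}: outside RFC 1918, confirm with customer")
        networks.extend(parsed)
    return list(ipaddress.collapse_addresses(networks)), notes


# Constructed worksheet entries, not taken from any real customer.
SAMPLE = ["10.20.0.0/16", "10.20.30.0/24", "10.21.0.10-10.21.0.13",
          "192.168.7.25", "172.16.5.9/24", "203.0.113.0/24", "corp-lan"]

if __name__ == "__main__":
    nets, notes = plan_home_net(SAMPLE)
    for net in nets:
        print("object:", net)
    for note in notes:
        print("note:  ", note)
```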
Object Management: Network Discovery Policy

• Browse to Policies > Network Discovery


• Select to delete the IPv4-Private-All-RFC1918
• Click Yes to confirm
Object Management: Network Discovery Policy

• Select to add a new rule


• Select the Users checkbox
• Add the newly created HOME_NET variable to the right hand pane and click Save
Configure Passive Interface
• Navigate to Devices > Device Management

• Select to edit the device and then select to edit the interface connected to the network
Configure Passive Interface

• Provide a Name
• Ensure the interface is Enabled
• Set Mode to Passive
• Define a new Security Zone
• Click OK
Configure Passive Interface

• When configuration changes are made, a reminder to save them appears at the top right
• Click Save before proceeding with deploying the changes to the FTD device
FMC Configuration Summary
• Edit a system-provided variable (HOME_NET)
• Create a new object to reflect the customer’s network segment for discovery
• Create a new discovery policy which will discover hosts and users within the customer network
• Configure passive interface for FTD device


Config Push to FTD
Proof of Value



Deploy Configuration to FTD Device
• Click the Deploy button at top right to push interface configuration to FTD

• Select the checkbox by your FTD device

• Configuration changes not yet deployed are shown here

• Select the FTD device

• Click Deploy at the bottom right


Deploy Configuration to FTD Device
• View the status of deployment by clicking the green checkmark

• When the deployment is completed, the status of the passive interface should turn green
Confirm Traffic Flow to FTD
• Browse to Analysis > Connections > Events

• If events are not populating, verify that interfaces are connected, enabled, and the
SPAN port or tap is functional
Risk Reports
Proof of Value



Risk Reports
• Browse to Overview > Reporting

• Select Report Templates

• Generate Advanced Malware, Attacks, and Network Risk Reports


Risk Reports
• Generate Advanced Malware, Attacks, and Network Risk Reports
• Custom reports are available

• Download and save the reports


Proof of Value Summary

• Complete close-out meeting with customer

• Focus on Win Criteria from the FTD POV Best Practices guide

• Differentiate value of Cisco Solution

• Propose Bill of Materials


Sanitize
Proof of Value



Sanitization
• After a successful POV
• Purge customer data
• Prepare for next POV

• End dCloud session which will automatically delete the FMC VM and any customer information

• Erase and reformat the FTD File System

• Reinstall FTD for the next customer engagement


Powering Off FTD
• FTD should not be powered off with a switch or by pulling a power cord.
Disk corruption can occur, and can cause problems with deploying
policies or upgrades later.

• Power off an FTD from FMC
  • Devices > Device Management
  • Select your device
  • Click the Device tab
  • Click the Red Stop symbol in the System Menu

• Power off an FTD from CLI


Thank You!
