Starting with Firepower 7.2, Cisco announced the ability to manage these firewalls using a Cisco hosted Cloud-Delivered Firewall Management Center (cdFMC). I recently had a project setting up cdFMC for the first time so I figure I would go over what I learned and show how to access cdFMC, how to import policies, and join your first Firepower firewall.

Introduction

Migrating another firewall to Cisco Firepower Threat Defense (FTD) can be a daunting task. Depending on the role of the firewall, it can have thousands of ACL entries, network and service objects and network address translations (NAT). Fortunately, for anyone that is migrating to Cisco FTDs that are managed by Cisco Firepower Management Center (FMC), Cisco provides a firewall...

There may be certain situation when you need to reset a Cisco FTD appliance back to factory default to get a clean start. One such example is during a deployment I encountered a Cisco Bug for FTD version 7.0.4 locally managed by FDM. The bug caused a corruption in the database that cannot be repair and configurations from the FDM are not synced with the LINA, the ASA portion of the FTD. There...

In the first entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). In the second entry of this series, we narrowly focused on getting the ISE posture module provisioned. In the third entry, we took stock of all the available posture...

In the first entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). In the second entry of this series, we narrowly focused on getting the ISE posture module provisioned. If you haven’t check those out yet, please do, links below!

In the last entry of this series, we looked at the high-level mechanics involved in using AnyConnect with the ISE Posture module to perform endpoint host inspection (posture) when connecting to an AnyConnect VPN head-end (ASA/FTD). If you haven’t read that one yet, you can find it here!

In this entry, we will be narrowly focused on provisioning the ISE posture module. Enjoy!

Project Manager: “We need to give them access to our network.”

IT Security: “No.”

Project Manager: “We really need to give them access to our network.”

IT Security: “Still no.”

Project Manager: “C’mon, pleeease??”

IT Security: “Ok fine. But we’ll need to assess their computer for vulnerabilities.”