Cisco Firepower Management Center 2000 Technical Manual

3. Complete the system configuration as prompted, which occurs in this order:
Read and accept the End User License Agreement (EULA).
Change the admin password.
Configure the management address and DNS settings, as prompted.
Note: You can configure both IPv4 and IPv6 management addresses.
Here is an example:
System initialization in progress. Please stand by.
You must change the password for 'admin' to continue.
Enter new password: <new password>
Confirm new password: <repeat password>
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]: y
Do you want to configure IPv6? (y/n) [n]:
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an IPv4 address for the management interface [192.168.45.45]:198.51.100.3
Enter an IPv4 netmask for the management interface [255.255.255.0]: 255.255.255.0
Enter the IPv4 default gateway for the management interface []: 198.51.100.1
Enter a fully qualified hostname for this system [Sourcefire3D]: asasfr.example.com
Enter a comma-separated list of DNS servers or 'none' []: 198.51.100.15, 198.51.100.14
Enter a comma-separated list of search domains or 'none' [example.net]: example.com
If your networking information has changed, you will need to reconnect.
For HTTP Proxy configuration, run 'configure network http-proxy'
4. Wait for the system to reconfigure itself.
Configure the FireSIGHT Management Center
In order to manage an ASA SFR module and security policy, you must 
Configure the ASA SFR module interfaces
Shut down, restart, or otherwise manage the ASA SFR module processes
Create backups from, or restore backups to, the ASA SFR module devices
Write access control rules in order to match traffic with the use of VLAN tag conditions
Redirect Traffic to the SFR Module
In order to redirect traffic to the ASA SFR module, you must create a service policy that identifies
specific traffic. Complete these steps in order to redirect traffic to an ASA SFR module:
1. Select the traffic that should be identified with the access-list command. In this example, all
of the traffic from all of the interfaces is redirected. You can do this for specific traffic as well.
ciscoasa(config)# access-list sfr_redirect extended permit ip any any
2. Create a class-map in order to match the traffic on an access list:
ciscoasa(config)# class-map sfr
ciscoasa(config-cmap)# match access-list sfr_redirect
3. Specify the deployment mode. You can configure your device in either a passive (monitor-only)
or inline (normal) deployment mode.
Note: You cannot configure both a passive mode and inline mode at the same time on the
ASA. Only one type of security policy is allowed.
In an inline deployment, after the undesired traffic is dropped and any other actions that are
applied by policy are performed, the traffic is returned to the ASA for further processing and
ultimate transmission. This example shows how to create a policy-map and configure the ASA
SFR module in the inline mode:
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class sfr
ciscoasa(config-pmap-c)# sfr fail-open
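The following is an added example, not part of the Cisco manual: a short Python audit that reads the commands from the redirection steps above and reports, for each class sent to the SFR module, which access list feeds it, whether that list covers all IP traffic, and how the module is set to behave. The function name and sample text are constructed for illustration; `fail-close` and `monitor-only` are ASA keywords that do not appear on this page.

```python
import re

# Constructed input: the commands from the steps above, prompts included.
SAMPLE = """\
ciscoasa(config)# access-list sfr_redirect extended permit ip any any
ciscoasa(config)# class-map sfr
ciscoasa(config-cmap)# match access-list sfr_redirect
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class sfr
ciscoasa(config-pmap-c)# sfr fail-open
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def audit_sfr_redirect(config):
    """Return one finding per policy-map class that sends traffic to the SFR module."""
    acl_rules, class_acl, findings = {}, {}, []
    cmap = pmap = cls = None
    for raw in config.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) < 2:
            continue
        if words[0] == "access-list" and "extended" in words:
            rule = " ".join(words[words.index("extended") + 1:])
            acl_rules.setdefault(words[1], []).append(rule)
        elif words[0] == "class-map":
            cmap, pmap, cls = words[-1], None, None
        elif cmap and words[:2] == ["match", "access-list"]:
            class_acl[cmap] = words[-1]
        elif words[0] == "policy-map":
            cmap, pmap, cls = None, words[-1], None
        elif pmap and words[0] == "class":
            cls = words[-1]
        elif cls and words[0] == "sfr" and words[1] in ("fail-open", "fail-close"):
            acl = class_acl.get(cls)
            findings.append({
                "policy_map": pmap, "class": cls, "acl": acl,
                # fail-open: traffic passes uninspected if the module is unavailable
                "fails_open": words[1] == "fail-open",
                # monitor-only keyword: passive deployment, nothing is dropped
                "passive": "monitor-only" in words,
                # True when the ACL redirects every IP flow, as in this example
                "redirects_all_ip": "permit ip any any" in acl_rules.get(acl, []),
            })
    return findings
```

The function accepts either a prompt-prefixed session transcript, as shown on this page, or the same commands as they appear in a saved configuration.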