July 19, 2018

CCIE Security v5 :: Adding Devices to FirePOWER Management Center (FMC)

(Last Updated On: 3rd July 2017)

This article is intended to cover some of the topics listed within the ‘Perimeter Security and Intrusion Prevention’ section of the CCIE Security v5 blueprint. This article focuses on configuring compatible devices to be managed by the FirePower Management Center (FMC). It is assumed that devices are already installed and you have access to the FMC GUI as well as SSH access to the device you would like to manage.

In the following example we use a vFTD appliance to add to the FMC. The FMC software version we are using in this example is 6.2.

Provision the device to join the FMC

  • SSH to the device you would like to manage
  • Use the following command to provision the device so that it is ready to join the FMC:
    • #configure manager add [ipaddress] [key]   (replace [ipaddress] with the actual IP address of the FMC and [key] with any key of your choice; the same key is entered again on the FMC, so make a note of it)

  • Use the following command to see if the device is registered with the FMC
    • #show managers   (you should receive output as shown below. Registration is shown as ‘pending’ because we have yet to configure the device in the FMC.)

 

We will now switch over to the FMC to continue with the configurations.

Add the managed device to the FMC

  • Access the FMC GUI and navigate to the ‘Device Management’ tab as shown in the screenshot below

 

  • Once the Device Management page has successfully loaded click the ‘Add’ button and then ‘Add Device’ on the right-hand side of the screen as shown in the image below.

 

  • A new box should appear like the one shown below. Enter the following details:
    • Host: Enter the IP address of the device you want to manage
    • Display Name: Enter the device name
    • Registration Key: Enter the same key you entered in the device earlier (THIS MUST MATCH)
    • Group: Optional, if this is the first time adding a device to the FMC you shouldn’t have any groups
    • Access Control Policy: In the drop-down menu, click ‘Create new policy’. We will use this to create a default policy that drops traffic if nothing else is matched. When the new box opens, give the policy a name and description, leave the base policy as ‘none’ and ensure the radio button ‘Block all traffic’ is selected. Click ‘Save’ and you should return to the previous screen to continue adding the device.
    • Smart Licensing: Select the licenses that apply to you or your organisation
    • Click ‘Register’

 

  • Click the health icon in the upper right-hand corner of the screen to see the progress of the device you have just requested to be added to the FMC. As depicted in the image below, you should see a green check once the device has been added successfully.

 

Verify that the device is now added

  • Within Device Management on the FMC, you should now be able to click on the device you have added and configure the interfaces.
  • SSH to the managed device and enter the following command
    • #show managers

  • If the device has been added successfully you should have output similar to the screenshot below.
  • A registration status of ‘Completed’ means that your device can now be managed using the FMC.
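
A scripted version of the `show managers` check above, added here as an example and not part of the original article: it parses captured output and reports whether the device is registered to the FMC you expect. The `Key : Value` layout, the sample text and the helper names `parse_managers` and `check_registration` are assumptions made for illustration, since the article's screenshots are not reproduced here.

```python
import re

# Constructed samples. The "Key : Value" layout is an assumption about how
# `show managers` prints on the device; adjust the parser if yours differs.
PENDING = """\
Host                      : 192.0.2.10
Registration Key          : ****
Registration              : pending
RPC Status                :
"""
COMPLETED = """\
Type                      : Manager
Host                      : 192.0.2.10
Registration              : Completed
"""

def parse_managers(text):
    """Return one dict of lower-cased fields per manager entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # ignore lines that are not "Key : Value"
                fields[key.strip().lower()] = value.strip()
        if "host" in fields:
            entries.append(fields)
    return entries

def check_registration(text, expected_fmc):
    """Return 'ok', 'unmanaged', 'wrong-manager' or the non-final state seen."""
    entries = parse_managers(text)
    if not entries:
        return "unmanaged"
    for entry in entries:
        if entry["host"] == expected_fmc:
            state = entry.get("registration", "").lower()
            return "ok" if state == "completed" else (state or "unknown")
    # A manager is configured, but it is not the FMC we expect: investigate.
    return "wrong-manager"

if __name__ == "__main__":
    for name, out in (("pending", PENDING), ("completed", COMPLETED)):
        print(name, "->", check_registration(out, "192.0.2.10"))
```

Run against output collected from several devices, the `wrong-manager` result singles out any device whose configured manager address differs from the intended FMC.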

Thank you for reading, please feel free to share this article.


Security Solutions Consulting Engineer @ Cisco - CCNA R&S/CCNA Security, CCDA & CCNP R&S - Currently working on CCIE Security. Sharing my knowledge and passion for technology. All views are mine and NOT of my company.
