Cisco FirePower FTD Course | Part-2 FMC

Install the Cisco Fire Power Management Center on ESXi by creating VLAN groups, deploying the FMC OVF, configuring IP 172.16.0.200 and related network settings, and accessing the web interface.

Install the firepower threat defense on an esxi host by deploying the ovf/ova, name Istanbul FTD-1, and configure management IP, VLAN, and FMC registration key Cisco123.

Register Istanbul FTD-1 to FMC, activate the Smart License evaluation license, and create Istanbul Access Control Policy with block all traffic while enabling malware, threat, and URL filtering.

Configure interface and security zone settings on FMC for the Istanbul firewall, assigning gigabit 0/0 to outside, 0/1 to inside, and 0/2 to DMZ with IPs 44.34.0.1/24, 172.16.44.1/30, and 10.1.0.254.

Create a default route to internet via gateway 44.34.0.254. Create a static route to 172.16.0.0 via the backbone switch using the FMC GUI, then deploy and verify connectivity.

Configure and run a home lab for Cisco Firepower FTD with FMC, detailing memory reductions, specific VM nets and IP schemas, and step-by-step installation guidance.

Create network and device objects, define access control rules to allow vlan 11, 12, and 13 internet access, observe rule precedence, deploy to the firewall, and note nat comes next.

Learn auto nat configuration on the FMC to enable internet access by creating a dynamic nat policy that translates 172.16.0.0/16 to the outside interface and deploys to the firewall.

Configure destination NAT to let external users access a web server behind a bidirectional NAT via the FMC policy, allowing http and https from outside to DMZ and deploying.

Enable ssl decryption and https inspection in Cisco FirePower FTD via FMC, configure certificates, create an ssl policy with decrypt and do not decrypt rules, deploy, and verify logs.

Set up url filtering by creating an access control rule, block categories such as porn and high risk, deploy the policy, and test porno.com is blocked with logs.

Create and deploy a malware and file blocking policy, apply it to vlan rules via inspection, and verify blocks with anti-malware tests and firewall logs.

Activate IPS inspection by creating an IPS policy under intrusion, selecting a balance and security base policy, applying it to VLAN 11, 12, and 13, and deploying to the firewall.

Activate pxGrid on Cisco ISE by creating a pxGrid template, generating a CSR, obtaining and installing the certificate from the Microsoft certificate authority, installing the root certificate, and enabling pxGrid.

Enable pxGrid on ISE, integrate with FMC by provisioning root and pxGrid certificates, generating a CSR, and configuring Identity Service Engine as the identity source ise.yb.com, with tests passing.

Enable passive identity service in Cisco ISE via FMC, configure AD join point, select groups, test the connection, and monitor live sessions in the Passive ID overview.

Learn to integrate Active Directory with the FMC device by configuring realms, base DN, and organizational units, test connectivity, enable user downloads, and map HR and IT groups.

Configure a site-to-site vpn between Ankara and Istanbul using Firepower Threat Defense, set up virtual tunnel interfaces, static routes, nat, and access control policies, then verify with ping and RDP.

Implement high availability for two Firepower Threat Defense devices via FMC, configuring failover and stateful links across VLANs, synchronizing settings, and ensuring automatic failover to standby.

Learn how to back up Cisco firepower management center, FMC, and FTD devices using firepower management backup and managed device backup, monitor progress, download backups, and restore from files.