
Trace the path from Snort and Sourcefire to Cisco Firepower Threat Defense (FTD) and its management by Firepower Management Center. Clarify uppercase versus lowercase naming and FTD as an image with Snort.
Set up a Cisco FTD lab in EVE-NG by downloading matching Firepower 6.x images, transferring them with WinSCP, and fixing permissions to run FTD and FMC for hands-on practice.
Install and add Cisco FMC 6.2.3-83 on EVE-NG to manage FTD: log in to the vendor, download and unzip images, set permissions, and deploy the FMC alongside the firewall.
Firepower Device Manager offers a web-based interface to configure FTD locally without FMC, including policies, routing, monitoring, and reporting, ideal for small deployments with up to five logins.
Configure a practical Cisco FTD lab by deploying FTDi locally and via FMC, building a small topology with an internal PC and management network, using Docker or Tiny Core images.
Configure and verify Cisco FTD in a standalone lab using FDM, setting up management and external interfaces, IP addresses, routing, and basic policies, then validate connectivity.
Explore the Firepower Device Manager main page, navigate monitoring, policies, and objects, review interfaces and status, and perform deployments, updates, backups, and basic troubleshooting.
Explore Firepower Device Manager basics, focusing on system settings and management access. Configure out-of-band and in-band management, restrict HTTP/HTTPS/SSH with access lists, and manage certificates for secure access.
Learn to configure diagnostic logging and file and malware logs on FTD, enable remote syslog to a UDP 514 server, adjust log levels 0-7, and verify deployment with show logging.
Configure Cisco NGFW FTD to act as a DHCP server on the internal interface, define a 192.168.1.x pool with DNS options, and verify via network overview and DHCP traffic.
Learn to configure DNS for Cisco FTD via system settings, create DNS groups for management and data interfaces, and set primary, secondary, and third DNS entries with timeouts.
Configure the management interface (out-of-band) by choosing DHCP or static IP, set the IP, subnet mask, gateway, IPv6, and MTU, then save the settings.
Change the device hostname in Cisco FTD through GUI or CLI. The GUI prompts before applying in older versions, while newer versions apply changes immediately.
Configure system time via time services in system settings, selecting an HTTP time server or a user-defined server, then enter country and URL to auto-sync.
Enable the HTTP proxy in FDM by entering the proxy IP and port (typically 8080) and optional credentials for explicit proxies; transparent proxies require no changes. Then save and deploy.
Explore web analytics in the FTD system settings, learn what browser and device details are collected to share with Cisco for product improvement, and how to enable or disable it.
Reboot or shut down the FTD via CLI (SSH) or the graphical system settings, with on-screen prompts guiding the restart.
Learn how to enable and configure URL filtering in Cisco FTD by activating the appropriate smart licenses, adjusting URL filtering preferences, and leveraging Cisco security intelligence for unknown URLs.
Log in as administrator, adjust time zone and theme in profile, and update your password. Use API explorer, task list, and CLI console to deploy changes and review deployment history.
Objects act as reusable containers for IPs, subnets, hosts, and ranges. Create network, port, DNS, and geolocation objects, including groups and DMZ security zones, to simplify policies.
Configure an access control policy in Firepower Device Manager with top-to-bottom rules from outside to inside. Define block, allow, and trust actions while enabling logs and intrusion policy details.
Explore monitoring dashboards to view system health, vulnerability databases, interfaces, throughput, and logs; analyze network overview, access policies, and events, using filters to inspect traffic details.
Explore configuring and verifying main page device groups in FDM for Cisco NGFW FTD, including interfaces, routing (static, default, BGP/OSPF/IGP), smart licenses, geolocation, security intelligence, backups, and VPN settings.
Configure and set up a Cisco FTD lab for centralized control via Firepower Management Center, using Docker and Kali clients, Windows hosts, and a complete internal and external topology.
Master the first time configuration of Cisco FTD with FMC, including admin login, EULA acceptance, IPv4 setup, and routed mode with network verification via ping.
Train students to perform the first-time setup of the Firepower Management Center (FMC), configure IPv4 settings via Linux-like commands, log in, and activate the 90-day smart license.
Activate smart license evaluation mode in Cisco FMC to test features like control, malware and URL filtering, IPS, and AnyConnect for 90 days; renew or switch licenses as needed.
Register the FTDi with the Firepower Management Center (FMC) by configuring the manager, entering the registration key, and completing device management with an access control policy and smart license.
Build a working Cisco FTD lab via FMC by registering FTD, creating objects and zones, configuring interfaces and routing, applying net and access policies, deploying, and monitoring with FMC.
Explore how Cisco Firepower Management Center centralizes FTD configuration and monitoring via two main menus: left configuration and right operational tasks, including policy, devices, objects, licenses, and system settings.
Learn to deploy configurations in the FMC, save and apply changes to the FTD, view deployment history, and use the message center’s deployment, health, and task indicators.
Configure and verify Cisco FMC system settings, including access lists to restrict HTTP/SSH/SNMP access, audit logs, management interface options, REST API access, and syslog integration.
Discover how the access control policy in Firepower extends beyond ACLs, evaluating top-to-bottom across layers 3–7, and integrates intrusion, malware, DNS, SSL, and identity policies to control traffic with logs.
Configure and verify HTTP response pages in FMC to customize block and interactive block banners for blocked traffic, using system-provided, none, or custom pages, and deploy with logs.
Cisco FTD URL filtering uses category and reputation, via BrightCloud classifications, to control website access; configure policies by category or reputation and enable licensing.
Create custom URL objects or object groups to block Twitter, Facebook, and Flickr using three methods. Deploy to FTD and verify with logs.
Configure and verify URL and web category filtering with FTD and FMC, creating category blocks (games, gambling, malware, streaming, shopping, job search) and high-risk rules using block with reset.
Explore Cisco security intelligence and threat feeds that pre-filter malicious IPs, domains, and URLs before reaching FTD, ASA, or ISE, using Cisco Talos updates to block risky traffic.
Configure and verify security intelligence by applying blacklist and whitelist rules within an access control policy, deploy to the firewall, and monitor blocked IPs through events and Context Explorer.
Create and manage custom blacklist and whitelist in security intelligence by building IP and URL lists, using feeds or files, deploying policies, and validating that whitelist overrides blacklist.
Learn about security intelligence global blacklist and global whitelist. Apply them to IP and URL blocks via events.
Uncover how Cisco FTD DNS policy uses security intelligence to block or allow domains via global blacklist, whitelist, and custom feeds, with drop, domain not found, and sinkhole actions.
Configure and verify a DNS policy on Cisco NGFW FTD, applying security intelligence with DNS drop, domain not found, and sinkhole actions, then test via FMC deployment.
Explore the prefilter policy in FTD, with analyze, block, and fast path actions; it functions like an ACL by source and destination IP and port.
Configure a three-rule pre-filter policy in FTD to fast path ICMP, block Telnet, and analyze SSH, attach to the access control policy, and verify with logs and tests.
Learn how SSL decryption policy enables firewalls to inspect encrypted TLS traffic by acting as a man-in-the-middle, decrypting and re-signing traffic for security checks.
Configure and verify SSL decryption policy for the Firepower Threat Defense lab, generating internal PKI certificates and integrating the policy with access control to decrypt inside to outside traffic.
Explore malware and file policy, combining file control with malware protection using Advanced Malware Protection (AMP), hashes, and cloud checks to block or log infected files.
Configure file and malware policies in a hands-on lab. Attach the file policy to the access control policy, deploy block and detect actions, and review events.
Explore the Cisco NGFW Firepower Threat Defense network discovery policy to map hosts, operating systems, and applications, build topology, and tailor intrusion and access control policies.
Configure and verify network discovery policy by creating custom topology, defining private network objects, deploying the policy, and discovering hosts, operating systems, and applications on the FTD.
The Cisco Firepower Threat Defense NGFW Implementation Training course shows you how to use and configure Cisco Firepower Threat Defense technology, beginning with initial device setup and configuration and including routing, Network Address Translation (NAT) and Policies.
This course teaches you how to implement advanced Next-Generation Firewall (NGFW) and Next-Generation Intrusion Prevention System (NGIPS) features of Cisco Firepower Threat Defense and Firepower, including policy configurations, integrations, deployments, management and troubleshooting. These courses, Securing Networks with Cisco Firepower and Securing Networks with Cisco Firepower Next-Generation Intrusion Prevention System, help candidates prepare for this exam.
1.1 Implement NGFW modes
1.1.a Routed mode
1.1.b Transparent mode
1.2 Implement NGIPS modes
1.2.a Passive
1.2.b Inline
1.3 Implement high availability options
1.3.a Link redundancy
1.3.b Active/standby failover
1.3.c Multi-instance
1.4 Describe IRB configurations
2.0 Configuration
2.1 Configure system settings in Cisco Firepower Management Center
2.2 Configure these policies in Cisco Firepower Management Center
2.2.a Access control
2.2.b Intrusion
2.2.c Malware and file
2.2.d DNS
2.2.e Identity
2.2.f SSL
2.2.g Prefilter
2.3 Configure these features using Cisco Firepower Management Center
2.3.a Network discovery
2.4 Configure objects using Firepower Management Center
2.4.a Object Management
2.4.b Intrusion Rules
2.5 Configure devices using Firepower Management Center
2.5.a Device Management
2.5.b NAT
2.5.c VPN
2.5.d QoS
2.5.e Platform Settings
3.0 Management and Troubleshooting
3.1 Troubleshoot with FMC CLI and GUI
3.2 Configure dashboards and reporting in FMC
3.3 Troubleshoot using packet capture procedures