topic Re: Cisco Firepower running in VMWare Workstation - FTD not intercepting traffic. in Network Security

Cisco Firepower running in VMWare Workstation - FTD not intercepting traffic.

crstephenson — Fri, 21 Feb 2020 16:10:05 GMT

Hi,

I am currently setting up Firepower FTD in VMWare Workstation, and was hoping someone could possibly help me with an issue I am experiencing with the FTD not intercepting and blocking/allowing traffic?

A bit background:

I now have a paired FMC and FTD running on VMWare Workstation. The FTD has three virtual NICs, set up as follows:

Nic1 (Management) - Using VMNET2, which is configured in NAT mode within VMWare. FMC is configured to also use VMNET2 nic.

Nic2 (Outer) - Using the bridged option in VMware for this NIC. Has an IP address in the same range as office router.

Nic3 (Inner) - Using the bridged option in VMWare for this NIC. Has a 172.xx.xx.2 internal address. Virtual client desktop that I also built also uses the bridged NIC option with an IP address in the same network space, and is set with gateway of 172.xx.xx.2.

So, the problem that i am facing is that my virtual client PC can ping the inner interface of the FTD, but when I attempt to do a ping from the client desktop to the internet, it times out. I have created a blanket ACL on the FTD to allow all traffic outbound, from all networks, but it is still not working. What is strange, is that when i attempt the ping, nothing appears in the event/connection logs on the FMC.

I can confirm that the FTD can ping externally and has internet connectivity, so both outer and inner up and running, at least from an IP perspective at least.

To confirm, I am running VMWare Workstation 14.1.3 on Fedora 28, with firewalld disabled.

I have heard this might be something to do with promiscuous mode needing enabled? I am a total linux newbie, so really struggling and not sure how to do this, and/or whether my overall config is essesntially correct/incorrect. Can you please help or advise?

Kind regards

Craig.

Re: Cisco Firepower running in VMWare Workstation - FTD not intercepting traffic.

Marvin Rhoads — Thu, 30 Aug 2018 12:34:32 GMT

Yes your dataplane network adapters for the FTDv host need to have promiscuous mode enabled.

You do that this for the associated vSwitch as shown below:

It's not a Linux thing per se - it's an ESXi setting.

https://kb.vmware.com/s/article/1004099?CoveoV2.CoveoLightningApex.getInitializationData=1&ui-force-components-controllers-hostConfig.HostConfig.getConfigData=1&r=2&other.KM_Utility.getArticleDetails=1&other.KM_Utility.getArticleMetadata=1&other.KM_Utility.getUrl=1&other.KM_Utility.getUser=1&other.KM_Utility.getAllTranslatedLanguages=1&ui-comm-runtime-components-aura-components-siteforce-qb.Quarterback.validateRoute=1

Re: Cisco Firepower running in VMWare Workstation - FTD not intercepting traffic.

crstephenson — Thu, 30 Aug 2018 13:22:47 GMT

Thanks, Marvin.

However, I'm not using ESXi. I'm using VMWare Workstation.

Re: Cisco Firepower running in VMWare Workstation - FTD not intercepting traffic.

Marvin Rhoads — Thu, 30 Aug 2018 15:20:47 GMT

For Vmware workstation yo need to edit a config file to enable promiscuous mode.

https://superuser.com/questions/1209497/how-do-you-enable-promiscuous-mode-in-vmware-workstation

However FTDv is NOT supported on VMWare workstation. Here's the support matrix:

https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#id_37873