Yes you need to redeem the

Mark Graham · ‎08-14-2017

we just bought a 5525-x with the integrated firepower and virtual firesight module

still confused on how to configure it properly, does anyone have a guide or provide assistance? just freaked out traffic creating rulesets and not sure if its what i did or not (blocked all high and very high risks then did a permit any any)

i have a default rule doing balanced security and connections -- all internal ip at some point i will change that, however, i want to get this up and functioning before hand.

i do have smartnet obviously on it, but i would rather much learn how to deploy before i put a tac in and tie up someone that i dont need to.

Pujita Patni · ‎08-14-2017

Hi Mark,

You might find this useful:

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118595-configure-firesight-00.html

It talks about the initial configuration steps to get the system functional.

Thanks,

Pujita Patni

Marvin Rhoads · ‎08-14-2017

There are several good presentations on the Cisco Live 365 site. Have a look there - just search "firepower" under the on-demand sessions and filter on this year's to start. they're all free and include both the slides and presentation video. I also highly recommend the free labminutes.com series for great how-to videos. They are all short and to the point but technically quite rich in detail.

Are you using ASDM or Firepower Management Center (FMC) to manage the module? ASDM is a bit more limited and FMC is recommended for most use cases.

Since you still have all your ASA ACLs in addition to what's done in Firepower, to start you can just not put any block rules and instead just some simple monitor rules plus a default "Balanced Security and Connectivity" IPS policy to get the feel of things.

Mark Graham · ‎08-15-2017

we have FMC, but when i try to use it i think i dont have the control licence.

do i use the control i got in the documentation for the ASA or in the firepower module?

Marvin Rhoads · ‎08-15-2017

Yes you need to redeem the PAK and apply the Control license as a prerequisite for all others. It's a bit confusing and a common problem that new Firepower users face.

Here's one discussion thread (of many) where i explained it in more detail:

https://supportforums.cisco.com/discussion/13272821/firepower-license-error

Mark Graham · ‎08-15-2017

thanks marvin, going to swap it on the portal.

Marvin Rhoads · ‎08-15-2017

You're welcome.

Please mark your question as answered if it has been.

Jetsy Mathew · ‎08-17-2017

Hello Mark

Here is the reference link for the understanding of the Access control policies.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/asa-fp-services/asa-with-firepower-services-local-management-configuration-guide-v60/AC-Getting-Started.pdf

Let us know if you need any help.

Regards

Jetsy

new to firepower