Beginner

New to Firepower

We just bought a 5525-X with the integrated Firepower and virtual FireSIGHT module.

Still confused on how to configure it properly; does anyone have a guide or can provide assistance? Just freaked out traffic creating rulesets and not sure if it's what I did or not (blocked all high and very high risks, then did a permit any any).

I have a default rule doing balanced security and connections -- all internal IP. At some point I will change that; however, I want to get this up and functioning beforehand.

I do have SmartNet obviously on it, but I would much rather learn how to deploy before I put a TAC in and tie up someone that I don't need to.

Cisco Employee

Hi Mark,

You might find this useful:

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118595-configure-firesight-00.html

It talks about the initial configuration steps to get the system functional.

Thanks,

Pujita Patni

Hall of Fame Guru

There are several good presentations on the Cisco Live 365 site. Have a look there - just search "firepower" under the on-demand sessions and filter on this year's to start. They're all free and include both the slides and presentation video. I also highly recommend the free labminutes.com series for great how-to videos. They are all short and to the point but technically quite rich in detail.

Are you using ASDM or Firepower Management Center (FMC) to manage the module? ASDM is a bit more limited and FMC is recommended for most use cases.

Since you still have all your ASA ACLs in addition to what's done in Firepower, to start you can just not put any block rules and instead just some simple monitor rules plus a default "Balanced Security and Connectivity" IPS policy to get the feel of things.

Highlighted

We have FMC, but when I try to use it I think I don't have the Control licence.

Do I use the control I got in the documentation for the ASA or in the Firepower module?

Highlighted

Yes you need to redeem the PAK and apply the Control license as a prerequisite for all others. It's a bit confusing and a common problem that new Firepower users face.

Here's one discussion thread (of many) where I explained it in more detail:

https://supportforums.cisco.com/discussion/13272821/firepower-license-error

Highlighted

Thanks Marvin, going to swap it on the portal.

Highlighted

You're welcome.

Please mark your question as answered if it has been.

Cisco Employee

Hello Mark

Here is the reference link for understanding the Access Control policies.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/asa-fp-services/asa-with-firepower-services-local-management-configuration-guide-v60/AC-Getting-Started.pdf

Let us know if you need any help.

Regards

Jetsy 
