Re: where to download sensor for fmc 6.2.3

techburn_@hotmail.com · ‎10-01-2018

Hi all,

i have just deployed a firepower in a vm environment, i have also just activated the smart license evaluation mode. i'm task to add a sensor on the firepower management center, where do i download the sensor for fmc in cisco support. my current version is 6.2.3 (83). i need to add a sensor to it

dejan_jov1 · ‎10-01-2018

Hi,

as much as I have understand you need to add a Firepower Firewall to you FMC deplloyment.

You can do this from FMC: Devices>Device Management>Add Device

And on your Firepower Firewall you need to define the FMC as the device that will manage your firewall.

Go to the console of Firewalll:

configure network ipv4 dhcp-server-disable

configure network ipv4 manual <Mgmt IP of FW> <Net mask> <Default GW IP>
Configure manager add <IP of FMC> PaSSworD

techburn_@hotmail.com · ‎10-01-2018

hi all

thanks for all help, after adding and define my fmc in the console, do i need to download additional sensor, im using fmc without attaching any asa, previously i have done through asa ftd then fmc

techburn_@hotmail.com · ‎10-01-2018

hi all

thanks for all help, after adding and define my fmc in the console, do i need to download additional sensor, im using fmc without attaching any asa, previously i have done through asa ftd then fmc

Marvin Rhoads · ‎10-01-2018

"Sensor" is just a generic term for the:

a. Firepower appliances (physical or virtual),

b. Firepower modules (on ASA hardware), or

c. FTD devices (physical or virtual)

...your FMC is managing.

techburn_@hotmail.com · ‎10-01-2018

hi

first of all, my fmc was deployed through vmware, there is no asa running on top of it. because i was tasked to add sensor on the vm fmc gui. im not sure what shd i do? previously i add the sensor to a physical asa running on top of ftd but now only vm fmc.

techburn_@hotmail.com · ‎10-01-2018

@Marvin Rhoads wrote:

"Sensor" is just a generic term for the:

a. Firepower appliances (physical or virtual),

b. Firepower modules (on ASA hardware), or

c. FTD devices (physical or virtual)

...your FMC is managing.

hi

first of all, my fmc was deployed through vmware, there is no asa running on top of it. because i was tasked to add sensor on the vm fmc gui. im not sure what shd i do? previously i add the sensor to a physical asa running on top of ftd but now only vm fmc.

Marvin Rhoads · ‎10-02-2018

FMC (whether virtual or physical appliance, on-premises or cloud-based) is only a management system.

The sensors you add are always some remote device. They could be another VM (like FTDv) in the same ESXi host or a hardware appliance halfway around the world. Or anything in between. Either way FMC talks to the sensor's management interface via an encrypted tunnel over tcp/8305.

You add that sensor address and the key into FMC GUI (Devices > Device Management > Add Device). You also add the FMC address and key into the sensor cli as noted in other replies to this thread. They connect to each other and the sensor is registered. You then proceed to apply licenses to it and configure it in greater detail via FMC.

techburn_@hotmail.com · ‎10-02-2018

@Marvin Rhoads wrote:

FMC (whether virtual or physical appliance, on-premises or cloud-based) is only a management system.

The sensors you add are always some remote device. They could be another VM (like FTDv) in the same ESXi host or a hardware appliance halfway around the world. Or anything in between. Either way FMC talks to the sensor's management interface via an encrypted tunnel over tcp/8305.

You add that sensor address and the key into FMC GUI (Devices > Device Management > Add Device). You also add the FMC address and key into the sensor cli as noted in other replies to this thread. They connect to each other and the sensor is registered. You then proceed to apply licenses to it and configure it in greater detail via FMC.

hi

my suitation is that i only deploy only one vm fp in the vmware. shd i deploy another same vm fp with different ip address and add it into fmc.

Marvin Rhoads · ‎10-02-2018

A system managed by FMC requires FMC itself and one or more sensors.

The simplest setup is one FMCv and one FTDv. Each is a separate VM, is separately sold and requires separate licenses.

FMC does management.

The sensor does access control policy enforcement, routing, NAT, etc. and usually has multiple interfaces (Inside, Outside, DMZ etc. for example).

techburn_@hotmail.com · ‎10-02-2018

@Marvin Rhoads wrote:

FMC (whether virtual or physical appliance, on-premises or cloud-based) is only a management system.

The sensors you add are always some remote device. They could be another VM (like FTDv) in the same ESXi host or a hardware appliance halfway around the world. Or anything in between. Either way FMC talks to the sensor's management interface via an encrypted tunnel over tcp/8305.

You add that sensor address and the key into FMC GUI (Devices > Device Management > Add Device). You also add the FMC address and key into the sensor cli as noted in other replies to this thread. They connect to each other and the sensor is registered. You then proceed to apply licenses to it and configure it in greater detail via FMC.

@Marvin Rhoads wrote:

FMC (whether virtual or physical appliance, on-premises or cloud-based) is only a management system.

The sensors you add are always some remote device. They could be another VM (like FTDv) in the same ESXi host or a hardware appliance halfway around the world. Or anything in between. Either way FMC talks to the sensor's management interface via an encrypted tunnel over tcp/8305.

You add that sensor address and the key into FMC GUI (Devices > Device Management > Add Device). You also add the FMC address and key into the sensor cli as noted in other replies to this thread. They connect to each other and the sensor is registered. You then proceed to apply licenses to it and configure it in greater detail via FMC.

hi

my suitation is that i only deploy only one vm fp in the vmware. shd i deploy another same vm fp with different ip address and add it into fmc.

johnlloyd_13 · ‎10-01-2018

hi,

agree. just configure the sensor to add the manager (FMC IP and key) and add device in FMC.

see helpful link:

http://ccnpsecuritywannabe.blogspot.com/2017/11/configure-and-add-firepower-sensor-in.html

tonypearce1 · ‎10-01-2018

Hi mate, I think you're looking for a virtual Firepower appliance. I only noticed this was available for purchase yesterday and I've not tried this out myself, so I can't understand how this would technically work. Make sure to check out the deployment and config guides for instructions on how to set it up!

Link: https://software.cisco.com/download/home/286306503/type/286306337/release/6.2.3

There's images there for Azure and VMware but if you're savvy with qemu-img commands then you could convert the disk to ovirt / openstack / Red Hat Virtualisation / Hyper-V and so on; although you may introduce problems that way and may be out of a supported deployment method so bear that in mind.