
NSO Integration with Firepower Management Center

tcragg1
Cisco Employee

Does anyone have any documentation they can share detailing how to integrate Firepower Management Center into NSO? 


vleijon
Cisco Employee

Well, there is a NED and I have used it a little bit. What kind of use-case are you looking at?

In terms of FMC, the NSO use case is pretty basic. We are just using FMC to manage an HA pair of firepowers in our lab for validation of what we can and can't do with it.

I have version 1.0.4 of the cisco-fmc NED installed and operational on NSO 4.7, and the REST API is enabled on FMC, but I get a connection refused error when I try to sync-from to pull down the initial configuration from FMC. I can curl from the NSO server to the FMC API explorer, so connectivity between them works.

Can you give any guidance on what the device configuration in NSO should look like for FMC, particularly what the cisco-fmc-connection NED settings need to be?

It looks like 1.0.4 is the latest release, so that should be fine.

These are my settings for the lab machine:

  <device>
    <name>campus-fmc</name>
    <address>fmc.sae.local</address>
    <port>443</port>
    <authgroup>cpoc-fmc</authgroup>
    <device-type>
      <generic>
        <ned-id xmlns:cisco-fmc-id="http://tail-f.com/ned/cisco-fmc-id">cisco-fmc-id:cisco-fmc</ned-id>
      </generic>
    </device-type>
    <ned-settings>
      <cisco-fmc-connection xmlns="http://tailf.com/ned/cisco-fmc/meta">
        <ssl>
          <accept-any/>
        </ssl>
      </cisco-fmc-connection>
    </ned-settings>
    <state>
      <admin-state>unlocked</admin-state>
    </state>
  </device>

Might be the port number perhaps? Because connection refused seems to me to indicate that the combination of address/port is incorrect. 

You are correct, I hadn't set the port in the device configuration. Manually setting it to 443 has fixed it. The strange thing is when I ran a tcpdump on the NSO server before setting the port I could see the traffic being sent to port 443 anyway, so I am not quite sure why it wasn't working before.

Thanks for the help.
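
Added example, not part of the thread and not Cisco or NED code: a small Python check over an NSO device entry like the one posted above. It reports a missing or out-of-range `<port>` (the cause of the connection refused error here) and flags `<ssl><accept-any/></ssl>`, which makes the NED accept whatever certificate the FMC presents. The function names and finding labels are hypothetical, and the sample is a trimmed, constructed copy of the posted config with `<port>` left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the device entry posted in the thread, trimmed and with
# <port> left out, i.e. the state that gave "connection refused" on sync-from.
SAMPLE = """<device>
  <name>campus-fmc</name>
  <address>fmc.sae.local</address>
  <authgroup>cpoc-fmc</authgroup>
  <ned-settings>
    <cisco-fmc-connection xmlns="http://tailf.com/ned/cisco-fmc/meta">
      <ssl>
        <accept-any/>
      </ssl>
    </cisco-fmc-connection>
  </ned-settings>
</device>"""


def local(tag):
    """Element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None


def check_devices(xml_text):
    """Return (device, finding) pairs for every <device> in the fragment."""
    findings = []
    root = ET.fromstring(xml_text)
    for dev in (e for e in root.iter() if local(e.tag) == "device"):
        name = child_text(dev, "name") or "<unnamed>"
        port = child_text(dev, "port")
        if not port:
            findings.append((name, "port-missing"))
        elif not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            findings.append((name, "port-invalid"))
        # <ssl><accept-any/></ssl>: any certificate the device presents is accepted.
        for ssl in (e for e in dev.iter() if local(e.tag) == "ssl"):
            if any(local(c.tag) == "accept-any" for c in ssl):
                findings.append((name, "tls-accept-any"))
    return findings


if __name__ == "__main__":
    for device, finding in check_devices(SAMPLE):
        print(f"{device}: {finding}")
```

Run against the exported device configuration before a sync-from; the `tls-accept-any` finding is worth tracking for anything that is not a lab machine.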