08-21-2018 04:24 AM
Does anyone have any documentation they can share detailing how to integrate Firepower Management Center into NSO?
08-22-2018 05:41 AM
Well, there is a NED and I have used it a little bit. What kind of use-case are you looking at?
08-22-2018 06:39 AM
In terms of FMC, the NSO use case is pretty basic. We are just using FMC to manage an HA pair of firepowers in our lab for validation of what we can and can't do with it.
I have version 1.0.4 of the cisco-fmc NED installed and operational on NSO 4.7, and the REST API is enabled on FMC, but I get a connection refused error when I try to sync-from to pull down the initial configuration from FMC. I can curl from the NSO server to the FMC API explorer, so connectivity between them works.
Can you give any guidance on what the device configuration in NSO should look like for FMC, particularly what the cisco-fmc-connection NED settings need to be?
08-22-2018 06:49 AM
It looks like 1.0.4 is the latest release, so that should be fine.
These are my settings for the lab machine:
<device>
  <name>campus-fmc</name>
  <address>fmc.sae.local</address>
  <port>443</port>
  <authgroup>cpoc-fmc</authgroup>
  <device-type>
    <generic>
      <ned-id xmlns:cisco-fmc-id="http://tail-f.com/ned/cisco-fmc-id">cisco-fmc-id:cisco-fmc</ned-id>
    </generic>
  </device-type>
  <ned-settings>
    <cisco-fmc-connection xmlns="http://tailf.com/ned/cisco-fmc/meta">
      <ssl>
        <accept-any/>
      </ssl>
    </cisco-fmc-connection>
  </ned-settings>
  <state>
    <admin-state>unlocked</admin-state>
  </state>
</device>
Might be the port number perhaps? Because connection refused seems to me to indicate that the combination of address/port is incorrect.
08-22-2018 07:04 AM
You are correct, I hadn't set the port in the device configuration. Manually setting it to 443 has fixed it. The strange thing is when I ran a tcpdump on the NSO server before setting the port I could see the traffic being sent to port 443 anyway, so I am not quite sure why it wasn't working before.
Thanks for the help.
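An added example, not part of the thread and not Cisco or NED code: a small Python check that reads exported device XML and reports the two settings this thread turns on, a device entry with no explicit `<port>` (the cause of the connection refused error here) and `ssl/accept-any` (acceptable for the lab machine above, worth flagging before the same entry is reused elsewhere). The function names and the sample input are constructed for illustration; the element names are the ones in the configuration posted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the device entry from the thread with <port> left out,
# i.e. the state that produced "connection refused" on sync-from.
SAMPLE_NO_PORT = """<device>
  <name>campus-fmc</name>
  <address>fmc.sae.local</address>
  <authgroup>cpoc-fmc</authgroup>
  <ned-settings>
    <cisco-fmc-connection xmlns="http://tailf.com/ned/cisco-fmc/meta">
      <ssl><accept-any/></ssl>
    </cisco-fmc-connection>
  </ned-settings>
</device>"""

def local(tag):
    """Strip a '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """Return the first direct child with the given local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def audit_devices(xml_text):
    """Return a sorted list of (device name, finding) for every <device> element."""
    findings = []
    for dev in ET.fromstring(xml_text).iter():
        if local(dev.tag) != "device":
            continue
        name_el = child(dev, "name")
        name = (name_el.text or "").strip() if name_el is not None else "<unnamed>"
        port_el = child(dev, "port")
        port = (port_el.text or "").strip() if port_el is not None else ""
        if not port:
            findings.append((name, "no explicit <port>"))
        elif not port.isdigit() or not 0 < int(port) <= 65535:
            findings.append((name, "invalid <port>"))
        # accept-any sits under ned-settings/<...-connection>/ssl in the posted config
        for el in dev.iter():
            if local(el.tag) == "ssl" and child(el, "accept-any") is not None:
                findings.append((name, "ssl/accept-any set"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit_devices(SAMPLE_NO_PORT):
        print(f"{device}: {finding}")
```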