
Add FTD to FMC

Adding a virtual or a physical FTD appliance to the FMC is a fairly simple process. In this post I will show you how to do it, and we will be working on an FMC appliance running version 6.6.0. Cisco just released version 6.6.0, which has a few new features and a bunch of improvements.

ASA Privilege Level 15

On Cisco IOS devices, we can set privilege level 15 on the VTY lines to allow users to go into privilege level 15 as soon as they connect to the device. The commands we use on IOS devices are not applicable to the ASA code. However, on the ASA we can use a different command which gives us a similar result. This command is part of the aaa configuration on the ASA.

FMC AD Realm

In this post we will cover all the required steps to create a realm on Cisco FMC with AD, but let me first explain in a nutshell what a realm is and why we need it. There are a couple of requirements that we need to configure on the FMC before an identity policy can work properly. One of the requirements is the realm, and another is the agent that will actively or passively feed the FMC with the user and group IP mappings and their login activities on the domain controller.

Stealthwatch enable root SSH access

In this post I will show you how to enable root SSH access on Stealthwatch appliances. The topology that we will be using is very simple. It is comprised of two Stealthwatch appliances: one is the management console (SMC) and the other is the Flow Collector (FC). Enabling root SSH access on the SMC and on the FC is very similar, but for this lab we are going to enable it only on the FC appliance.

Enable SSH on Stealthwatch Appliances

In this post I will show you how to enable SSH services, which are disabled by default, on Stealthwatch appliances. To enable SSH services we just need to go through a couple of steps which are pretty easy and straightforward. The configuration page from which we enable SSH services also gives us the option to enable SSH for root access. If we don't enable that option, SSH access will only be allowed for the sysadmin user.

ISE PSN Got Stuck at Step 4

I came across a couple of issues during an ISE upgrade project I was working on recently which are not really common and which you would rarely see. These issues were: an ISE PSN got stuck at step 4 during the upgrade process, and a PAN went out of sync. This project was to upgrade a distributed ISE cube with six nodes from version 2.2 to 2.4, and all appliances were virtual.

Redirect ACL With C9300 Switches

In this post I will share with you one caveat, and its fix, with redirect ACLs on C9300 switches. In the last few months I was working on a project for a medium-sized customer. The main requirements were to implement Firepower IPS, dot1x, pxGrid, AnyConnect client provisioning and posture assessment for both VPN and local clients. The customer has a few sites spread across the globe, and all of them are connected through VPLS. There are different network devices that we were working on, and in one of the sites we had a stack of Cisco C9300 switches. The customer has ISE deployed for identity management.

FMC External Authentication with RADIUS

In this post, I am going to show you how to set up FMC external authentication with RADIUS. Why would we need that? Simply put, to have a scalable solution in our environment that will allow us to manage access to our FMC appliance. Even if we configure the FMC with an external authentication server, we still have the local admin account enabled, which we can use in case the external authentication server is down.

Packet Capture in FMC

In this post, I am going to show you how to run a packet capture on Cisco Firepower Management Center (FMC). As we know, both FTD and FMC are Linux-based, which means we can rely on a few tools that are embedded in the Linux operating system. In fact, when you log into the FMC or when you go into Expert mode on FTD, you will see that the majority of the commands you use are simply Linux commands.
