Part I Troubleshooting and Administration of Hardware Platform
Chapter 1 Introduction to the Cisco Firepower Technology
Firepower Threat Defense (FTD)
FirePOWER Service Versus Firepower Threat Defense (FTD)
Firepower System Software Components
Firepower System Hardware Platforms
Chapter 2 FTD on ASA 5500-X Series Hardware
Best Practices for FTD Installation on ASA Hardware
Installing and Configuring FTD
Installing the System Software
Verification and Troubleshooting Tools
Determining the Version of Installed Software
Determining the Free Disk Space on ASA Hardware
Deleting a File from a Storage Device
Determining the Availability of Any Storage Device or SSD
Determining the Version of the ROMMON Software or Firmware
Chapter 3 FTD on the Firepower eXtensible Operating System (FXOS)
Firepower 9300 and 4100 Series Essentials
Firepower Extensible Operating System (FXOS)
Best Practices for FTD Installation on Firepower Hardware
Installing and Configuring FTD
Deleting Any Existing Logical Devices
Uploading the FTD Software Image
Adding a Logical Device for FTD
Completing the Initialization of FTD
Verification and Troubleshooting Tools
Verifying the Status of a Security Application
Verifying the Security Modules, Adapters, and Switch Fabric
Verifying the Hardware Chassis
Verifying the Power Supply Unit (PSU) Modules
Chapter 4 Firepower Management Center (FMC) Hardware
Cisco Integrated Management Controller (CIMC)
Internal USB Storage for the System_Restore Image
Best Practices for FMC Reimage
Pre-installation Best Practices
Post-installation Best Practices
Installing and Configuring the FMC
Step 1: Load the System_Restore Image
Step 2: Configure the Network Settings
Step 3: Choose a Transport Protocol
Step 4: Download and Mount an ISO File
Verification and Troubleshooting Tools
Determining the Hardware and Software Details of the FMC
Determining the RAID Battery Status
Determining the Status of a Power Supply Unit (PSU)
Performing a Complete Power Cycle
Chapter 5 Firepower System Virtual on VMware
FMC and FTD Virtual Essentials
Supported Virtual Environments
VMware Installation Package in a Tarball
Best Practices for Firepower Virtual Appliance Deployment
Post-deployment Best Practices
Installing and Configuring a Firepower Virtual Appliance
Creating a Network for FMC Virtual
Creating a Network for FTD Virtual
Initializing an FMC Virtual Appliance
Initializing an FTD Virtual Appliance
Verification and Troubleshooting Tools
Determining the Status of Allocated Resources
Determining the Status of a Network Adapter
Part II Troubleshooting and Administration of Initial Deployment
Chapter 6 The Firepower Management Network
Firepower System Management Network Essentials
Designing a Firepower Management Network
Best Practices for Management Interface Configuration
Configuring a Management Network on FMC Hardware
Using the GUI During the First Login
Using the Command-Line Interface
Verification and Troubleshooting Tools
Configuring a Management Network on ASA Hardware
Verification and Troubleshooting Tools
Configuring a Management Network on a Firepower Security Appliance
Configuring the FXOS Management Interface
Verification of the FXOS Management Interface Configuration
Configuring the FTD Management Interface
Verification of the FTD Management Interface Configuration
Chapter 7 Firepower Licensing and Registration
The Smart Licensing Architecture
Cisco Smart Software Manager (CSSM)
Best Practices for Licensing and Registration
Verifying a Smart License Issue
Registering a Firepower System
Verifying the Registration and Connection
Analyzing the Encrypted SFTunnel
Chapter 8 Firepower Deployment in Routed Mode
Best Practices for Routed Mode Configuration
Configuring the Routed Interface
Configuring an Interface with a Static IP Address
Verification and Troubleshooting Tools
Verifying the Interface Configuration
Chapter 9 Firepower Deployment in Transparent Mode
Best Practices for Transparent Mode
Deploying Transparent Mode in a Layer 2 Network
Configuring the Physical and Virtual Interfaces
Verifying the Interface Status
Verifying Basic Connectivity and Operations
Deploying an FTD Device Between Layer 3 Networks
Creating an Access Rule for SSH
Verifying Access Control Lists
Part III Troubleshooting and Administration of Traffic Control
Chapter 10 Capturing Traffic for Advanced Analysis
Best Practices for Capturing Traffic
Configuring Firepower System for Traffic Analysis
Capturing Traffic from a Firepower Engine
Downloading a .pcap File Generated by Firepower Engine
Capturing Traffic from the Firewall Engine
Downloading a .pcap File Generated by Firewall Engine
Capturing Traffic from the FMC
Downloading a .pcap File Generated by FMC
Verification and Troubleshooting Tools
Adding an Access Rule to Block ICMP Traffic
Analyzing the Traffic Flow by Using a Block Rule
Packet Processing by an Interface
Chapter 11 Blocking Traffic Using Inline Interface Mode
Inline Mode Versus Passive Mode
Inline Mode Versus Transparent Mode
Best Practices for Inline Mode Configuration
Verifying Packet Flow by Using packet-tracer
Verifying Packet Flow by Using Real Packet Capture
Enabling Fault Tolerance Features
Configuring Fault Tolerance Features
Verifying Fault Tolerance Features
Configuring Blocking of a Specific Port
Verifying Blocking of a Specific Port
Analyzing a Packet Drop by Using a Simulated Packet
Analyzing a Packet Drop by Using a Real Packet
Chapter 12 Inspecting Traffic Without Blocking It
Inline Versus Inline Tap Versus Passive
Best Practices for Detection-Only Deployment
Verifying an Inline Tap Mode Configuration
Configuring Passive Interface Mode
Configuring Passive Interface Mode on an FTD Device
Configuring a SPAN Port on a Switch
Verifying a Passive Interface Mode Configuration
Analyzing Traffic Inspection Operation
Analyzing a Connection Event with a Block Action
Analyzing an Intrusion Event with an Inline Result
Chapter 13 Handling Encapsulated Traffic
Encapsulation and Prefilter Policy Essentials
Best Practices for Adding a Prefilter Rule
Transferring and Capturing Traffic on the Firewall Engine
Scenario 1: Analyzing Encapsulated Traffic
Configuring Policies to Analyze Encapsulated Traffic
Access Control Policy Settings
Verifying the Configuration and Connection
Scenario 2: Blocking Encapsulated Traffic
Configuring Policies to Block Encapsulated Traffic
Verifying the Configuration and Connection
Scenario 3: Bypassing Inspection
Configuring Policies to Bypass Inspection
Access Control Policy Settings
Verifying the Configuration and Connection
Chapter 14 Bypassing Inspection and Trusting Traffic
Bypassing Inspection and Trusting Traffic Essentials
Best Practices for Bypassing Inspection
Implementing Fastpath Through a Prefilter Policy
Configuring a Prefilter Policy
Invoking a Prefilter Policy in an Access Control Policy
Verifying the Prefilter Rule Configuration
Enabling Tools for Advanced Analysis
Establishing Trust Through an Access Policy
Configuring Trust with an Access Policy
Verifying the Trust Rule Configuration
Enabling Tools for Advanced Analysis
Using the Allow Action for Comparison
Chapter 15 Rate Limiting Traffic
Verifying the Rate Limit of a File Transfer
Analyzing QoS Events and Statistics
Part IV Troubleshooting and Administration of Next-Generation Security Features
Chapter 16 Blacklisting Suspicious Addresses by Using Security Intelligence
Security Intelligence Essentials
Best Practices for Blacklisting
Automatic Blacklist Using Cisco Intelligence Feed
Manual Blacklisting Using a Custom Intelligence List
Immediate Blacklisting Using a Connection Event
Adding an Address to a Blacklist
Deleting an Address from a Blacklist
Adding an Address to a Whitelist
Deleting an Address from a Whitelist
Verification and Troubleshooting Tools
Verifying the Download of the Latest Files
Verifying the Loading of Addresses into Memory
Finding a Specific Address in a List
Verifying URL-Based Security Intelligence Rules
Chapter 17 Blocking a Domain Name System (DNS) Query
Firepower DNS Policy Essentials
Blocking of a DNS Query Using a Firepower System
Actions That Can Interrupt a DNS Query
Actions That Allow a DNS Query
Best Practices for Blocking DNS Query
Configuring DNS Query Blocking
Verification and Troubleshooting Tools
Verifying the Configuration of a DNS Policy
Verifying the Operation of a DNS Policy
Chapter 18 Filtering URLs Based on Category, Risk, and Reputation
Best Practices for URL Filtering Configuration
Blocking URLs of a Certain Category
Configuring an Access Rule for URL Filtering
Verification and Troubleshooting Tools
Configuring FTD to Allow a Specific URL
Verification and Troubleshooting Tools
Querying the Cloud for Uncategorized URLs
Configuring FMC to Perform a Query
Verification and Troubleshooting Tools
Chapter 19 Discovering Network Applications and Controlling Application Traffic
Application Discovery Essentials
Best Practices for Network Discovery Configuration
Configuring a Network Discovery Policy
Verification and Troubleshooting Tools
Analyzing Application Discovery
Configuring Blocking of Applications
Verification and Troubleshooting Tools
Chapter 20 Controlling File Transfer and Blocking the Spread of Malware
File Type Detection Technology
Best Practices for File Policy Deployment
Verification and Troubleshooting Tools
The FMC Is Unable to Communicate with the Cloud
The FMC Performs a Cloud Lookup
Overriding a Malware Disposition
Chapter 21 Preventing Cyber Attacks by Blocking Intrusion Attempts
Network Analysis Policy and Preprocessor
Intrusion Policy and Snort Rules
Best Practices for Intrusion Policy Deployment
Configuring a Network Analysis Policy
Creating a New NAP with Default Settings
Modifying the Default Settings of a NAP
Configuring an Intrusion Policy
Creating a Policy with a Default Ruleset
Incorporating Firepower Recommendations
Enabling or Disabling an Intrusion Rule
Configuring an Access Control Policy
Verification and Troubleshooting Tools
Chapter 22 Masquerading the Original IP Address of an Internal Network Host
Best Practices for NAT Deployment
Masquerading a Source Address (Source NAT for Outbound Connection)
Configuring a Dynamic NAT Rule
Verifying the Operation: Inside to Outside
Verifying the Operation: Outside to Inside
Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection)
Verifying the Operation: Outside to DMZ
Appendix A Answers to the Review Questions
Appendix B Generating and Collecting Troubleshooting Files Using the GUI
Generating Troubleshooting Files with the GUI
Appendix C Generating and Collecting Troubleshooting Files Using the CLI
Generating Troubleshooting Files at the FTD CLI
Downloading a File by Using the GUI
Copying a File by Using the CLI