The document provides instructions for completing a Cisco Firepower Proof of Value lab in the Cisco dCloud environment. It outlines the steps to schedule the lab, connect to the virtual devices, configure the Firepower Management Center (FMC) and Firepower Threat Defense (FTD) device, and generate risk reports. Key steps include scheduling the lab, connecting to the FMC using the session ID and owner as credentials, adding the FTD to the FMC, configuring a passive interface on the FTD, deploying configurations, and generating Advanced Malware, Attacks, and Network Risk reports after traffic has been analyzed.

1. Fire Jumper Program
GSSO Channel Engineering
Network Security POV Lab

2. • Logging into one lab
• Cisco Firepower 6.x Proof of Value v1.x
• Note: This lab can also be used for customer POV’s, just add the FTD
device at the customer location instead of the one in this lab.
• Lab: Adding NGFWv (FTD) to FMCv in dCloud
• You will be Saving (3) Risk Reports
• Refer to the lab guides in the resource section of each lab for the
most up to date, recent information
Lab Explanation

3. dCloud
Proof of Value
FTD Lab

4. Scheduling labs in dCloud
• Check the box next to dCloud
• Browse to https://dcloud.cisco.com
• Select Catalog
• Select Login
• Login in with CCO ID
• In the search bar type in Firepower
• Click Schedule
• Select the Cisco Firepower 6.x Proof of Value v1.x

5. Scheduling labs in dCloud
• Click Schedule a Single Session
• Fill out all mandatory fields on next screen
• Select the date and time
• Click Next
• Click Schedule

6. dCloud Firepower Proof of Value Lab
• Select My Hub from the toolbar
• Browse to https://dcloud.cisco.com
• Select the Region provided by the instructor
• Select Login
• Login in with CCO ID
You will see multiple labs, view the Proof of Value lab

7. Cisco Firepower 6.x Proof of Value v1.x
Capture Relevant Owner and Session ID
• The Dashboard will reflect scheduled sessions
• Select View for the
Cisco Firepower 6.x Proof of Value v1.x
• Select Details
• Note the Owner and Session ID information
• Owner with ‘@’ symbol is not supported
• If ‘@’ is present, use dcloud instead for username
• The password is the Session ID

8. Cisco Firepower 6.x Proof of Value v1.x
Capture relevant Public Address
• Select Details to view Session Details
• Scroll down and note the Public Address
• The Public Address will be used for the FTD
device in the coming steps.
• The Public Address can also be used to reach
the FMC directly without VPN or Remote Desktop

9. Cisco Firepower Proof of Value lab
Connect to Active Directory
• Return to the network topology view
• Select the jumper windows machine and note the
IP Address and Credentials if using VPN
• Click on Remote Desktop

10. Cisco Firepower Proof of Value lab
Connect to Active Directory
• Click on Remote Desktop
• Authenticate with
• Username: dcloudadministrator
• Password: C1sco12345
*Note sometimes you will go right to the
desktop without having to login

11. Cisco Firepower Proof of Value lab
Access Putty
• Select PuTTY on the desktop
• Double click the FTD session or
single click the FTD session and
click Open

12. Cisco Firepower Proof of Value Lab
SSH to NGIPS
• Authenticate with
• Username: admin
• Password: C1sco12345

13. > configure network management-port 8443
Management port changed to 8443.
> configure manager add <FMC IP> <Registration Key> <nat-id>
Manager successfully configured.
Cisco Firepower Proof of Value Lab v1.x
Configure NGIPS via CLI
• Configure FMC IP as Public Address
from dCloud session details-Slide 8
• Change the management-port to 8443
• Use a registration key of C1sco12345
and a nat-id of 12345
• Use number row on your keyboard above the
letters, not the 10key on the right.
• If you typo the manager info, type “configure
manager delete” and re-do the add line

14. Cisco Firepower 6.x Proof of Value Lab v1.x
Login to the FMC
• In the Cisco Firepower 6.x Proof of Value v1.x
Return to your PC and open a browser
• Using HTTPS, connect to the FMC Public Address from dCloud session details noted in slide 8
• Login using Owner for the FMC username and Session ID for the password
170716
XXXXX
XXXXX

15. When logging into FMC you may see this error
Click Advanced
Add Exception

16. Cisco Firepower 6.x Proof of Value v1.x
Add the FTD device to the FMC
• Navigate to Devices > Device Management
• Select Add > Add Device

17. Cisco Firepower 6.x Proof of Value v1.x
Connect FTD to FMC
• Use the Host of 198.18.133.11, Registration Key of C1sco12345
• If using an external FTD device at a customer location, set the Host to be DONTRESOLVE
• Group: None
• Access Control Policy: Cisco POV Access Control Policy
• Select the Protection, Control, Malware, and URL Filtering Licenses
• Expand the Advanced Settings and enter a Unique NAT ID of 12345
• Click Register (it may take about 5 minutes to register)

18. Cisco Firepower Proof of Value Lab v1.x
Verify Connectivity FTD to FMC Connection
• Go to the FTD PuTTy window on the jumper remote desktop
• Use show managers from FTD CLI to confirm FMC IP address and view status
• Once complete, you will not come back to the this remote desktop.
• Everything from here forward is done in the FMC.
•

19. Troubleshooting Steps
FTD to FMC Connection
• Use show managers from FTD CLI to confirm FMC IP address and view status
• Ensure registration key and unique NAT-ID match with FMC
• “configure manager delete” will remove the manager on the FTD device in the “Connection
Lab” if you need to fix the IP, Registration Key, or Unique NAT ID.
> show managers
Host : 64.100.11.49
Registration Key : ***
Registration : Pending
RPC Status :
>

20. Troubleshooting Steps
FTD to FMC Connection
• Enter expert mode
• Use sudo pigtail MSGS to review debugging information
> expert
admin@ftd5506:~$ sudo pigtail MSGS
********************************************************************************
** Displaying logs: HTTP ACTQ DCSM VMSS MOJO NGUI NGFW TCAT VMSB DEPL USMS MSGS
********************************************************************************
[…]
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Connect to 64.100.11.216 on port 8443 -
br1
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiate IPv4 connection to 64.100.11.216
(via br1)
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Initiating IPv4 connection to
64.100.11.216:8443/tcp
MSGS: 10-07 02:21:19 ciscoasa SF-IMS[10849]: [15490] sftunneld:sf_ssl [INFO] Wait to connect to 8443 (IPv6):
64.100.11.216
MSGS: 10-07 02:21:37 ciscoasa sudo: admin : TTY=ttyS1 ; PWD=/home/admin ; USER=root ;
COMMAND=/ngfw/usr/local/sf/bin/pigtail

21. Confirm:
• FTD management-port is 8443
• Registration Key of FTD and FMC match: C1sco12345
• Unique NAT-ID of FTD and FMC match: 12345
• Configured FMC Public IP (not Private IP)
Allow adequate time for the sensor to be added and view pigtail for
current status
Troubleshooting Steps
FTD to FMC Connection

22. Configuration
Object Management

23. Object Management: Edit HOME_NET Variable
• Browse to Objects > Object Management
• Select Variable Set on the left hand side
• Select to edit the Default-Set

24. Object Management: Edit HOME_NET Variable
• Select next to HOME_NET

25. Object Management
• Click to create a new
Network Object
• Provide a Name i.e. HOME_NET
• Enter Network information that matches the customer
environment, for this lab use the network listed to the right.
192.168.0.0/16
• Click Save
• From the list of Available Networks, select your new
HOME_NET object and click the include button
• Remove any pre-existing included networks so that only
HOME_NET is listed.
• Click Save, Save, Yes.

26. Object Management: Edit Network Discovery
Policy
• Browse to Policies > Network Discovery
• Select to delete the IPv4-Private-All-RFC1918
• Click Yes to confirm

27. Object Management: Edit Network Discovery
Policy
• Select to Add a New Rule
• Select the Users checkbox
• Add the newly created HOME_NET variable to the Available Networks
• Click Save

28. Configuration
Configure Passive Interface

29. • Navigate to Devices > Device Management
• Select to Edit Device
Configure Passive Interface

30. • A passive interface needs to be configured for the FTD to accept traffic from
the SPAN port or tap on the customer network
• Select next to GigabitEthernet0/2
• The Experimental Light theme may move the pencil icons from the right side to left side and clear out the table.
Go ahead and click the second from the bottom interface and verify it shows GigabitEthernet0/2 when viewing.
Configure Passive Interface

31. Configure Passive Interface
• Name the Zone Passive
• Check the Enabled box
• Set Interface to Passive Mode
• Define a New Security Zone
named Passive
• Click OK, OK, Click Save (in
upper right corner)

32. • Click the Deploy button at top right to push interface configuration to FTD
• Select the checkbox by your FTD device
• Click Deploy
Configure Passive Interface

33. Deployment Status
• View the status of deployment by clicking the green checkmark, it
will change to a blue color and should show the deployments
progress

34. Deployment Status
• At a customer site, the interface status for the passive interface should
turn green when the deployment completes.
• In the dCloud lab, the status is not updated until you change to another
parent tab and come back to the device interface settings.

35. Confirm Traffic Flow to NGIPS
• Browse to Analysis > Connections > Events
• If events are not populating, verify that interfaces are connected, enabled,
and the SPAN port or tap is functional.

36. Risk Reports

37. • Integrated into the FMC with 6.2 or later
• For a real world POV, wait at least 1 week after verifying incoming
connections before generating these risk reports. For this lab, wait 5 to
15 minutes for demo data to populate.
• Browse to Overview > Reporting, Select Report Templates
• Generate:
• Advanced Malware
• Attacks, and
• Network Risk Reports
Risk Reports

38. • Generate Advanced Malware, Attacks, and Network Risk Reports
• Download and Save the reports and send to the Instructor for Proof of
Performance
Risk Reports