Deploy the SourceFire Cisco FireSight Management Virtual Appliance

As you know, Cisco entered the game of NGFW purchasing SourceFire. Still now, SourceFire is still a not integrated with ASA, which imo represents 2 different products to manage.

Here we will just deploy the FireSight Management Virtual Appliance which is the new name for the Defense Center. This is the configuration/control center for all of our FirePower devices. But first, let’s get it started.

Download the firesight ovf from the cisco web site. (log in required)
The current package is called:  Cisco_Firepower_Management_Center_VMware-6.0.1-1213 – use the DuckDuckGo Power instead of the browsing the Cisco site.

Somehow there are 2 OVFs:
Cisco_Firepower_Management_Center_Virtual_VMware-VI-6.0.1-1213.ovf
Cisco_Firepower_Management_Center_Virtual_VMware-ESXi-6.0.1-1213.ovf

They offer different style of setup. I am just going to pick the VI one as it includes a wizard to configure the network of the VM.

fire1

I find funny that this is a ovf that doesn’t support much vmware stuff. Not to say, it is officially not supported under ESX6!
The guide makes it look like nothing virtual is supported…
Guidelines and Limitations
The following limitations exist when deploying Firepower NGIPSv for VMware:

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with snapshot is not supported.
  • Restoring a backup is not supported.

Something else puzzle me, while the memory and cpu are configurable, the disk size is not!
I wonder how we can increase the size for additional logging/retention.

fire2
Nonetheless, install the ovf as usual using the ovf wizard.
The wizard also include so configuration item for name, dns, and network settings…

It boots, and then says it is going to take forever to initialize. The Ui says up to 30 minutes, the manual says up to 40 minutes!

fire3

25 minutes later
WebUI seems started however

fire4

fire5
Once ready, onto some basic configuration:
Verifying network settings, ntp, smtp
Enabling VMware tools

fire6
Rules and Geolocation updates
Do the recurring update imports as well

fire7
Enable auto-backup
And of course register.

fire8
I usually would do the integrations with your ASA/Firepower device so that you can objects to create rules on and so on. Let me know what you want to see.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s