Deploy the SourceFire Cisco FireSight Management Virtual Appliance

As you know, Cisco entered the NGFW game by purchasing SourceFire. Even now, SourceFire is still not integrated with the ASA, which in my opinion means two different products to manage.

Here we will just deploy the FireSight Management Virtual Appliance, which is the new name for the Defense Center. This is the configuration/control center for all of our FirePower devices. But first, let’s get it started.

Download the FireSight OVF from the Cisco web site (login required).
The current package is called Cisco_Firepower_Management_Center_VMware-6.0.1-1213; use the power of DuckDuckGo instead of browsing the Cisco site.

Somehow there are 2 OVFs:
Cisco_Firepower_Management_Center_Virtual_VMware-VI-6.0.1-1213.ovf
Cisco_Firepower_Management_Center_Virtual_VMware-ESXi-6.0.1-1213.ovf

They offer different styles of setup. I am just going to pick the VI one, as it includes a wizard to configure the network of the VM.


I find it funny that this is an OVF that doesn’t support much VMware functionality. Not to mention, it is officially not supported under ESX6!
The guide makes it look like nothing virtual is supported…
Guidelines and Limitations
The following limitations exist when deploying Firepower NGIPSv for VMware:

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with snapshot is not supported.
  • Restoring a backup is not supported.

Something else puzzles me: while the memory and CPU are configurable, the disk size is not!
I wonder how we can increase the size for additional logging/retention.
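To see in advance what an OVF variant will prompt for and what it fixes, the descriptor itself can be inspected. The following is an added example (not Cisco's file or tooling) that parses a constructed, minimal OVF in the shape of a VI-style descriptor and reports the user-configurable properties the wizard will ask for, the disks with their fixed capacity, and the CPU and memory items; the property keys and every value in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, minimal OVF descriptor in the shape of a VI-style appliance OVF.
# Not Cisco's file: the property keys, disk size and hardware values are assumed.
SAMPLE_OVF = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
          xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1"
          xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData">
  <DiskSection>
    <Disk ovf:diskId="vmdisk1" ovf:capacity="250" ovf:capacityAllocationUnits="byte * 2^30"/>
  </DiskSection>
  <VirtualSystem ovf:id="fmc">
    <ProductSection>
      <Property ovf:key="fqdn" ovf:type="string" ovf:userConfigurable="true"/>
      <Property ovf:key="ipv4.addr" ovf:type="string" ovf:userConfigurable="true"/>
      <Property ovf:key="ipv4.dns1" ovf:type="string" ovf:userConfigurable="true"/>
      <Property ovf:key="build" ovf:type="string" ovf:userConfigurable="false" ovf:value="x.y.z"/>
    </ProductSection>
    <VirtualHardwareSection>
      <Item><rasd:ResourceType>3</rasd:ResourceType><rasd:VirtualQuantity>4</rasd:VirtualQuantity></Item>
      <Item><rasd:ResourceType>4</rasd:ResourceType><rasd:VirtualQuantity>8192</rasd:VirtualQuantity></Item>
    </VirtualHardwareSection>
  </VirtualSystem>
</Envelope>
"""

NS = {"ovf": "http://schemas.dmtf.org/ovf/envelope/1",
      "rasd": "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData"}
OVF = "{%s}" % NS["ovf"]  # Clark-notation prefix for ovf:* attributes

def summarize_ovf(xml_text):
    root = ET.fromstring(xml_text)
    # Only userConfigurable properties become deploy-wizard prompts (the VI variant's network wizard).
    prompts = [p.get(OVF + "key")
               for p in root.iterfind(".//ovf:ProductSection/ovf:Property", NS)
               if p.get(OVF + "userConfigurable") == "true"]
    # Disks carry a fixed capacity in the descriptor; the wizard exposes no field for them.
    disks = [(d.get(OVF + "diskId"), int(d.get(OVF + "capacity")), d.get(OVF + "capacityAllocationUnits"))
             for d in root.iterfind(".//ovf:DiskSection/ovf:Disk", NS)]
    kinds = {"3": "vcpus", "4": "memory_mb"}  # CIM ResourceType: 3 = processor, 4 = memory (MB)
    hardware = {}
    for item in root.iterfind(".//ovf:VirtualHardwareSection/ovf:Item", NS):
        rtype = item.findtext("rasd:ResourceType", namespaces=NS)
        if rtype in kinds:
            hardware[kinds[rtype]] = int(item.findtext("rasd:VirtualQuantity", namespaces=NS))
    return {"prompts": prompts, "disks": disks, "hardware": hardware}

if __name__ == "__main__":
    print(summarize_ovf(SAMPLE_OVF))
```

Running it against the real VI and ESXi descriptors side by side shows exactly which prompts the VI variant adds and confirms that the disk capacity is baked into both.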

Nonetheless, install the OVF as usual using the OVF wizard.
The wizard also includes some configuration items for name, DNS, and network settings…

It boots, and then says it is going to take forever to initialize. The UI says up to 30 minutes; the manual says up to 40 minutes!


25 minutes later, however, the web UI seems to have started.


Once ready, on to some basic configuration:

  • Verify network settings, NTP and SMTP
  • Enable VMware Tools
  • Import the rule and geolocation updates, and set up the recurring update imports as well
  • Enable auto-backup
  • And of course, register.

Next I would usually do the integration with your ASA/Firepower device so that you have objects to create rules on, and so on. Let me know what you want to see.

vCenter Server Appliance vs vCenter Server 5.5

I was reading some articles as I was getting ready to reinstall the whole vCenter Server after a major crap-out at a client.

I am talking about this KB from VMware, and it seemed that the vCSA had improved so much it could actually be used at this SMB.

But I found out the following VMware vCenter Server Appliance 5.5 limitations:

  • vCenter Linked Mode is not supported.
  • vCenter Heartbeat is not supported.
  • Some VMware/third-party plugins might not support the vCSA. Check with your desired plugin vendors whether they support the vCenter Appliance.
  • Installing Update Manager on the vCenter Appliance is not supported, but you can still set it up on a separate Windows VM.
  • If using the embedded database you will be limited to 100 hosts and 3000 VMs, but you can always use an Oracle database to scale to the vCenter maximums of 1000 hosts and 10,000 VMs.
  • MS SQL Database is currently not supported by the vCenter Server Appliance: you can either use the built-in vPostgres (supports up to 100 hosts and 3000 VMs) or you will need to use an Oracle database to scale to 1000 hosts and 10,000 VMs. If you are planning to go beyond 100 hosts and 3000 VMs and an Oracle database is not an option or your cup of tea, then you will have to stick with the Windows version of vCenter for now.
  • It does not support the Security Support Provider Interface (SSPI), which is a part of SSO and is a Microsoft Windows API used to perform authentication against NTLM or Kerberos.
  • VMware View Composer cannot be installed on the vCenter Appliance, but it is no longer required to install it on the same machine as vCenter; it can be installed on a different machine, and then it will support the vCSA.

So I guess it’s not quite there yet. I’ll get some Windows licenses on the way 🙂