Easy Setup Guide. Cisco ASA with Firepower Services. You can easily set up your ASA in this step-by-step guide.

Similar documents
Configuring the Switch

To access the Startup Wizard, choose one of the following options: Wizards > Startup Wizard.

Express Setup. System Requirements. Express Setup CHAPTER

Getting Started. About the ASA for Firepower How the ASA Works with the Firepower 2100

Easy Setup Guide. Cisco FindIT Network Probe. You can easily set up your FindIT Network Probe in this step-by-step guide.

Configuring the Switch

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

CM500 High Speed Cable Modem User Manual

Cisco Security Enterprise License Agreement

Catalyst 2360 Switch Getting Started Guide

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Installation and Configuration Guide

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

CM500 High Speed Cable Modem User Manual

Lab Configuring an ISR with SDM Express

Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.2

Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM

High Speed Cable Modem

User Guide MAX-STREAM AC1750 MU-MIMO GIGABIT ROUTER. Model # EA7300

The following topics explain how to get started configuring Firepower Threat Defense. Table 1: Firepower Device Manager Supported Models

Installation and Configuration Guide

Cisco Firepower NGFW. Anticipate, block, and respond to threats

High Speed Cable Modem

Configuring GNS3 for CCNA Security Exam (for Windows) Software Requirements to Run GNS3

Installing and Managing the Switch

The following topics provide more information on user identity. Establishing User Identity Through Passive Authentication

Getting Started with Your Device Configuration

Licensing the Firepower System

Cisco C880 M4 Server User Interface Operating Instructions for Servers with E v2 and E v3 CPUs

Configuring the Management Access List

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

Print Server. User s Manual. Rev. 01 (April, 2004) Made In Taiwan

EdgeMarc 250W Network Services Gateway

Installation Procedure Windows 2000 with Internet Explorer 5.x & 6.0

Unified Threat Management

Connecting IP-PBX to BroadSoft's BroadCloud SIP Trunk using AudioCodes Mediant SBC

User Guide VELOP. Whole Home Wi-Fi. Model WHW03

The Internet of Everything is changing Everything

Protection - Before, During And After Attack

Installation Procedure Windows NT with Netscape 4.x

How to Set Up Your SRX300 Services Gateway

Voice Cable Modem User Manual

ConnectPort X2 Wireless M Bus Development Kit. Getting Started Guide

MSC-5100 Promotional Bundle Quickstart

WatchGuard XTMv Setup Guide Fireware XTM v11.8

Quick Install & Troubleshooting Guide. WAP223NC Cloud Managed Wireless N Access Point

Unified Threat Management

XFINITY Welcome Packet

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

High-Speed Internet Quick Start Guide

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Cisco ASA 5500-X NGFW

High Speed Cable Modem

How to build a multi-layer Security Architecture to detect and remediate threats in real time

Cisco ASA with FirePOWER Services

CONFIGURATION MANUAL. English version

Cisco CVR100W Wireless-N VPN Router with Highly Secure Business-Class Connectivity for Small Offices/Home Offices (SOHO)

AC750 WiFi Range Extender Model EX6100 User Manual

Linksys SMART Wi-Fi Routers with Wireless-AC. User Guide

Using the EN-2000 s Management System

User s Manual PowerPanel Shutdown Service Graceful Shutdown and Notification service to ensure power protection of your computer

Quick Setup Guide. 2 System requirements and licensing

Compare Security Analytics Solutions

HS1200N Wireless N Hotspot

Nighthawk Multi-Gig Speed Cable Modem User Manual

FASHION AND DESIGN INSTITUTE

Voice Cable Modem User Manual

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

DI-704P Ethernet Broadband Router. Ethernet (Straight Through) Cable. 5V DC Power Adapter

Thank you for your purchase of the KX II, the industry's most full-featured, enterprise-class, secure, digital KVM (Keyboard, Video, Mouse) switch.

Business Central Wireless Manager 2.0 Application Quick Start Guide

Vigor2900 Series Broadband Security Router Highly integrated broadband security router, combining high-speed routing technology with a comprehensive

Cisco 200 Series Smart Switches. Quick Start Guide

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

Virtual Communications Express VCE over LTE User Guide

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Business Internet Video Camera with Audio

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

High Speed Cable Modem

Wireless USB Port Multi-Functional Printer Server. Model # AMPS240W. User s Manual. Ver. 1A

Agile Security Solutions

DIR-842. Wireless AC1200 Wi-Fi Gigabit Router. Quick Install Guide

An Investment Checklist

MF10 3G Wireless Router

SonicWALL TZ 150 Wireless. Getting Started Guide

ASA/PIX Security Appliance

Remote VPN Remote access for personal devices

WHG201 V1.00. Secure WLAN Controller

Linksys EA-Series. User Guide

EdgeMarc 4552 Networking Gateway

User Manual. AC ac Wireless Access Point/Router. Model WAC124. NETGEAR, Inc.

Pro-face Connect User Guide for GateManager

DI GHz Wireless Router

Part # Quick-Start Guide. SpeedStream 6500 Residential Gateway

Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0

Identity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication

Quick Installation Guide

Quick Installation Guide

Quick Start Guide. Cisco 220 Series Smart Plus Switches

3.1 Getting Software and Certificates

Transcription:

Cisco ASA with Firepower Services Easy Setup Guide You can easily set up your ASA in this step-by-step guide. Connecting PC to ASA Installing ASDM 3 Configuring ASA 4 Using Umbrella DNS

Connecting PC to ASA Connecting PC to ASA - Before You Begin Before you begin the installation, make sure that you have the following equipment: ASA Chassis AC Power Cable (& Supply with ASA 5506-X) Ethernet Cable x 3 PC Make sure that nothing is connected to the ASA and your PC settings are configured to use DHCP. 3 Connect the first Ethernet cable to the Ethernet port # of the ASA, and the other end of the cable to the Ethernet port of your WAN device. Wait until the port LEDs on the ASA and your WAN device are green or blinking green. Green LEDs indicate a successful connection. - Connecting PC to ASA Connect the AC power cable to the AC power connector of the ASA and a grounded AC outlet. The power turns on automatically when you plug in the power cable. There is no power button. 4 Connect the second Ethernet cable to the Ethernet port # of the ASA, and the other end of the cable to the Ethernet port of your PC. Wait until the port LEDs on the ASA and your PC are green or blinking green. Green LEDs indicate a successful connection. Confirm that the POWER LED and STATUS LED are solid green. If the POWER LED is solid green, the device is powered on. After the STATUS LED is solid green, the system has passed power-on diagnostics. Caution At step, if the STATUS LED does not turn solid green, or turns amber, the ASA failed the power-on diagnostics, reconnect the AC power cable to the ASA AC power connector and a grounded AC outlet. Nevertheless the STATUS LED does not turn solid green, or turns amber, contact your Cisco representative or reseller. At step &, the ASA port to connect an Ethernet cable is the RJ-45 Ethernet port, not the RJ-45 management port. The RJ-45 Ethernet ports are numbered.

Installing ASDM Installing ASDM 3 Click [Install ASDM Launcher]. To configure the ASA, use the Cisco Adaptive Security Device Manager (ASDM). Follow these steps to download the Cisco ASDM from the ASA and install it to your PC. 3 Depending on your environment, the authentication dialog box appears. Launch a Web browser PC and enter the IP address https://9.68.. into the address bar, then press Enter key. Depending on your environment, the security certificate page appears. 4 Click [OK]. Leave the username and password fields empty. Click Continue to this website (not recommended). 4 The Cisco ASDM web page appears. 5 Click [Run]. Caution If the Cisco ASDM web page does not appear, make sure that: The InstallShield Wizard for Cisco ASDM Launcher appears. The POWER LED and STATUS LED are solid green. You connect a straight-through cable to an Ethernet port on the ASA. Any pop-up blockers or proxy settings on your browser are disabled and that any wireless client is disabled on your PC or laptop. Your PC settings use DHCP. The ASA acts as a DHCP server. If your PC has a static IP address, temporarily configure your PC settings to use DHCP. 5

Installing ASDM 6 Click [Next]. 9 Click [Finish]. The Cisco ASDM Launcher appears. 6 9 7 Click [Next]. If you want to change the default installation folder, click [Change] and enter or choose the desired installation folder. 7 Caution Your PC must meet the following requirements to run Cisco ASDM. 8 Click [Install]. Microsoft Windows 7, 8: - Microsoft Internet Explorer - Mozilla Firefox - Google Chrome - Java SE Plug-in 7.0 or later 8 Apple OS X 0.4 and later - Mozilla Firefox - Apple Safari - Google Chrome (64-bit version only) - Java SE Plug-in 7.0 or later You can also use Microsoft Windows 8., 0 (but they are not officially supported).

3 Configuring ASA 3 Configuring ASA 3- Launching Startup Wizard 3- Launching ASDM Now you can launch the Cisco ASDM with the Cisco ASDM Launcher. After launching ASDM, use the Startup Wizard to perform initial configuration. Click [Startup Wizard] from the [Wizards] menu bar. Click [OK.] Leave the username and password fields empty. The Security warning appears. Click [Continue. Click [Modify existing configuration]. 3 Click [Next]. 3 3 Click [Cancel. The main ASDM window appears. 3 MEMO At step, you are prompted to provide the IP address of the ASA Firepower module. You can later set the module IP address to the correct IP address using the Startup Wizard.

3 Configuring ASA 4 Click [Next]. 7 Click [Next]. You can enter the host name 4 and the domain name of the ASA. 7 Caution To the inside interfaces, you must assign the range of IP addresses different from the range assigned to the outside interface. For example, if the outside range is 9.68..x, the inside range should be 9.68.0.x, and so on. You can change the range by selecting an interface and clicking [Edit]. 5 5 Select the appropriate option. Configure the outside interface of the ASA. If you use the ASA behind the existing router, select [Use DHCP] in most cases. If you use the ASA instead of the existing router, follow the configuration of the router. 8 Click [Next]. You can specify static routes if your network has multiple routers. 6 Click [Next]. 6 8

3 Configuring ASA 9 Click [Next]. Click [Next]. The ASA can act as a DHCP server and provide IP addresses to the hosts on your inside network. You can specify the addresses of all hosts or networks, which are allowed to access the ASA using HTTPS/ASDM, SSH or Telnet. MEMO To connect to the free and fast Cisco Umbrella global network DNS service, enter the 08.67.. in the 0 [DNS Server ] field and the 08.67.0.0 in the [DNS Server ] field. 0 0 Click [Use Port Address Translation (PAT)]. Select [Use Port Address Translation (PAT)] to share a single external IP address for devices on the inside interface. Select [Use Network Address Translation (NAT)] to share several external IP address for devices on the inside interface. Click [Next]. 3 4 5 3 Enter the IP address for the ASA Firepower module. For example, the 9.68.. works with the default configuration. 4 Enter the IP address of the Default Gateway. For example, the 9.68.. works with the default configuration. 5 Click [Next].

3 Configuring ASA 6 Click [Next]. The ASA can be remotely managed from an Auto Update Server. This includes automatic updating the ASA configuration, ASA image, ASDM image as needed. 3-3 Connecting Switch to ASA After completing the Startup Wizard, exit the ASDM and disconnect the Ethernet cable from your PC. Then, follow these steps to connect your switch to the ASA. Make sure that nothing is connected to the switch, its settings are configured to use DHCP, and the first Ethernet cable is still connected between the ASA and your WAN device. 6 WAN Device Connect the second Ethernet cable to the Ethernet port # of the ASA, and the other end of the cable to the Ethernet port of your switch. 7 Click [Finish]. You have completed the Startup Wizard. To send your changes to the ASA, click [Finish]. If you want to modify any of the data, click [Back]. Connect the third Ethernet cable to the Ethernet management port of the ASA, and the other end of the cable to the Ethernet port of your switch. 7 Switch

3 Configuring ASA 3-4 Install Licenses Click [ASA FirePOWER Configuration]. Now you can access to the ASA Firepower module with the Cisco ASDM. Relaunch the Cisco ASDM and install the licenses. The Control and Protection licenses are provided by default and the Product Authorization Key (PAK) is included on a printout in your box. If you ordered additional licenses, you should have PAKs for those licenses in your email. Launch ASDM and Click [Configuration]. 3 Click [Licenses]. 3 MEMO The Cisco ASA with Firepower Services ship with a base license for Application Visibility and Control (AVC). Optional subscriptions for Next-Generation IPS (NGIPS), Cisco Advanced Malware Protection (AMP), and URL Filtering (URL) can be added to the base configuration for advanced functionality. AVC: Supports more than 3,000 application-layer and risk-based controls that can launch tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness. NGIPS: Provides highly effective threat prevention and full contextual awareness of users, infrastructure, applications, and content to detect multivector threats and automate defense response. AMP: Delivers inline network protection against sophisticated malware and Cisco Threat Grid sandboxing. URL: Adds the capability to filter more than 80 million top-level domains by risk level and more than 8 categories. 4 4 Copy [License Key] text and get the license from the licensing portal (see the MEMO in the next page). The example of the License Key is 7:78:DA:6E:D9:93:35.

4 Using Umbrella DNS 5 5 Paste the license activation key into [License] box. 4 Using Umbrella DNS 6 Click [Verify License]. 7 Click [Submit License]. As the administrator of Cisco ASA, you are able to connect to the free and fast Cisco Umbrella global network DNS service which offers you visibility into all Internet traffic originating from your ASA, and result in a faster Internet experience for your users. If you then want to add an additional layer of DNS security to your 6 7 ASA, the easy-to-establish connection to Umbrella enables you to access our free trial which you can setup (by yourself) in less than five minutes. 8 8 If you have additional licenses, click [Add New License] and repeat the steps to. 4- Setting Up Umbrella Launch the Cisco ASDM and configure internal DNS servers to use Umbrella as their DNS forwarders. Launch ASDM and Click [Configuration]. MEMO You can get the license (license activation key) from the licensing portal.. Go to http://www.cisco.com/go/license.. Enter the PAKs separated by commas in the Get New Licenses field, and click Fulfill. 3. You will be asked for the License Key and email address among other fields. 4. Copy the resulting license activation key from either the website display or from the zip file attached to the licensing email that the system automatically delivers. MEMO If you are using a DNS forwarder as the primary DNS server for your network, update the server to use the Umbrella IP addresses of 08.67.. and 08.67.0.0. If you re not certain whether you have a DNS forwarder on your ASA or DNS server, the best way to determine what needs to be changed is to see what device is being used as the DNS server for client workstations that are receiving DHCP from the network. This information is typically in the DNS section of the network adapter settings on the client workstation.

4 Click [Device Manage- Using Umbrella DNS 6 Enter 08.67.. ment]. in the [DNS Server ] field. 6 7 Enter 08.67.0.0 7 in the [DNS Server ] field. 3 Click [DHCP]. 4 Click [DHCP Server]. 4 8 Click [Apply]. 3 5 Click [Edit]. 8 5

4 Using Umbrella DNS 4- Signing Up for Umbrella Once you ve configured your Cisco ASA to point to Cisco Umbrella, you can sign up for either a free premium DNS account or a free 4-day trial of Umbrella. Free Premium DNS (https://signup.opendns.com/premiumdns): We offer a free, fast recursive DNS service which gives you visibility into all of your Internet traffic originating from your ASA device. Free Umbrella 4-Day Trial (https://signup.opendns.com/freetrial): If you want to add an additional layer of DNS security to your ASA, try our free trial you can set it up yourself in less than five minutes, no credit card or phone call required. The trial includes: Threat protection like no other block malware, C callbacks, and phishing. Predictive Intelligence automates threat protection to detect attacks before they are launched. Worldwide Coverage, Fast no hardware to install or software to maintain. Weekly security report get a personalized summary of malware requests & more, directly to your inbox.

Appendix Transition Guide Settings Most Next-Generation Firewalls (NGFWs) reduce risk by providing access control over applications and users. But they don t eliminate threats because attackers can still exploit open web connections and approved applications. For superior protection, an NGFW must be able to provide deep visibility into and across the network, apply intelligent automation to identify threats, adapt protections to a dynamic network environment, and quickly scope and recover from attacks to minimize damage. Cisco ASA with Firepower Services delivers all of those capabilities, so upgrade to Cisco s newest NGFW today and protect your high-value digital assets. Feature Typical NGFW Cisco ASA withfirepower Services NSS Breach Detection and NGIPS Leadership Position Reports Partial or Not Available Superior Reputation-Based Proactive Protection Not Available Superior Intelligent Security Automation Not Available Superior File Reputation, File Trajectory, Retrospective Analysis Not Available Superior Application Visibility and Control (AVC) Available Superior AMP and NGIPS in a Single Device Limited Superior Threat Feeds Updated Daily from Security Intelligence to Provide Timely Threat Detection Capability Limited Superior Legacy Models FW + AVC FW + AVC + IPS Current Models FW + AVC FW + AVC + IPS Cisco ASA 5505 - - Cisco ASA 5506-X 50 Mbps 5 Mbps Cisco ASA 550 - - Cisco ASA 5508-X 450 Mbps 50 Mbps Cisco ASA 55 300 Mbps 50 Mbps Cisco ASA 556-X 850 Mbps 450 Mbps Cisco ASA 555-X 500 Mbps 50 Mbps Cisco ASA 556-X 850 Mbps 450 Mbps 07 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0R)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback