Cisco Firepower Mgmt Center Virtual KVM 6.4.0 102.qcow2

English | Size: 2.15 GB
Category: Cisco | Networking | Security
About FMCv Deployment and Azure
You deploy the Firepower Management Center Virtual (FMCv) in Microsoft Azure using a solution template available in the Azure Marketplace. When you deploy the FMCv using the Azure portal, you can use an existing empty resource group and storage account (or create new ones). The solution template walks you through a set of configuration parameters that provide the initial setup of your FMCv, allowing you to log in to the FMCv web interface after first boot.

FMCv on Microsoft Azure supports two instance types:

Standard D3_v2: 4 vCPUs, 14GB memory, 250GB disk size

Standard D4_v2: 8 vCPUs, 28GB memory, 400GB disk size

The FMCv on Azure must be deployed in a virtual network (VNet) using the Resource Manager deployment mode. You can deploy the FMCv in the standard Azure public cloud environment. The FMCv in the Azure Marketplace supports the Bring Your Own License (BYOL) model.
Prerequisites and System Requirements

Support for the FMCv on Microsoft Azure is new with the release of Firepower version 6.4.0. For Firepower Management Center Virtual and Firepower System compatibility, see Cisco Firepower Threat Defense Virtual Compatibility.

Verify the following before you deploy the FMCv in Azure:

Create an account on Azure.com.

After you create an account on Microsoft Azure, you can log in, search the marketplace for Cisco Firepower Management Center Virtual, and choose the "Cisco Firepower Management Center (FMCv) BYOL" offering.

A Cisco Smart Account. You can create one at Cisco Software Central (https://software.cisco.com/).

Guidelines and Limitations
Supported Features

Supported Azure Instances

Standard D3_v2: 4 vCPUs, 14GB memory, 250GB disk size

Standard D4_v2: 8 vCPUs, 28GB memory, 400GB disk size

Public IP addressing

The Management 0/0 is assigned a public IP address.

Licensing

The FMCv in the Azure public marketplace supports the Bring Your Own License (BYOL) model. For the FMCv, this is a platform license rather than a feature license. The version of virtual license you purchase determines the number of devices you can manage via the Firepower Management Center Virtual. For example, you can purchase licenses that enable you to manage two devices, 10 devices, or 25 devices.

Licensing modes:

Smart License only

For licensing details and more information about how to manage licenses, see Licensing the Firepower System in the Firepower Management Center Configuration Guide. For an overview of feature licenses for the Firepower System, including helpful links, see Cisco Firepower System Feature Licenses.
System Shut Down and Restart

Do not use the Restart and Stop controls on the Azure Virtual machine overview page to power on the FMCv VM. These are not graceful shutdown mechanisms and can lead to database corruption.

Use the System > Configuration options available from the FMCv’s Web interface to shut down or restart the virtual appliance.

Use the shutdown and restart commands from the FMCv’s command line interface to shut down or restart the appliance.
Unsupported Features

Licensing modes:

Pay As You Go (PAYG) licensing.

Permanent License Reservation (PLR).

Management

Azure portal "reset password" function.

Console-based password recovery; because the user does not have real-time access to the console, password recovery is not possible. It is not possible to boot the password recovery image. The only recourse is to deploy a new FMCv VM.

High Availability (active/standby)

VM import/export

Resources Created During Deployment

When you deploy the FMCv in Azure the following resources are created:

A Cisco FMCv Virtual Machine (VM) with a single interface (requires a new or an existing virtual network with 1 subnet).

A Resource Group.

The FMCv is always deployed into a new Resource Group. However, you can attach it to an existing Virtual Network in another Resource Group.

A security group named <vm name>-mgmt-SecurityGroup.

The security group will be attached to the VM’s Nic0.

The security group includes rules to allow SSH (TCP port 22) and the management traffic for the Firepower Management Center interface (TCP port 8305). You can modify these values after deployment.

A Public IP Address (named according to the value you chose during deployment).

The public IP address is associated with VM Nic0, which maps to Management.
Note

You can create a new public IP or choose an existing one. You can also choose NONE. Without a public IP address, any communication to the FMCv must originate within the Azure virtual network.

A Routing Table for the subnet (updated if it already exists).

A boot diagnostics file in the selected storage account.

The boot diagnostics file will be in Blobs (binary large objects).

Two files in the selected storage account under Blobs and container VHDs, named <VM name>-disk.vhd and <VM name>-.status.

A Storage account (unless you chose an existing storage account).
Important

When you delete a VM, you must delete each of these resources individually, except for any resources you want to keep.
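
The deployment attaches a security group that allows TCP 22 and TCP 8305 to a management interface that normally has a public IP, and those rules can be changed afterwards. The following is an added example, not part of Cisco's guide, that audits an exported security group and flags inbound Allow rules exposing those two ports to any source. The rule names, group name and addresses in the sample are constructed, and the JSON shape is assumed to be that printed by `az network nsg show -o json`.

```python
import json

MGMT_PORTS = {22, 8305}                      # SSH and FMC management traffic, per the guide
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # values that mean "any source" in a rule

# Constructed sample (not real output); assumed shape of `az network nsg show -o json`.
SAMPLE_NSG = json.loads("""
{"name": "fmcv01-mgmt-SecurityGroup",
 "securityRules": [
  {"name": "allow-ssh", "priority": 100, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
   "destinationPortRange": "22", "destinationPortRanges": []},
  {"name": "allow-mgmt-range", "priority": 110, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "sourceAddressPrefixes": [],
   "destinationPortRange": "8000-8400", "destinationPortRanges": []},
  {"name": "allow-web-and-mgmt", "priority": 120, "direction": "Inbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefix": null, "sourceAddressPrefixes": ["Internet"],
   "destinationPortRange": null, "destinationPortRanges": ["443", "8305"]}
 ]}
""")

def _ports_hit(rule):
    """Return the management ports covered by the rule's destination port ranges."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    hit = set()
    for r in ranges:
        if r == "*":
            return set(MGMT_PORTS)
        lo, _, hi = r.partition("-")         # "22" or "8000-8400"
        hit |= {p for p in MGMT_PORTS if int(lo) <= p <= int(hi or lo)}
    return hit

def exposed_rules(nsg):
    """List (rule name, ports) for inbound Allow rules that admit any source."""
    findings = []
    for rule in sorted(nsg.get("securityRules", []), key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        ports = _ports_hit(rule)
        if ports and any(s.lower() in ANY_SOURCE for s in sources):
            findings.append((rule["name"], sorted(ports)))
    return findings
```

The check reports each rule on its own and does not evaluate whether a higher-priority Deny rule already shadows it.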

Deploy the Firepower Management Center Virtual

You can deploy the Firepower Management Center Virtual in Azure using templates. Cisco provides two kinds of templates:

Solution Template in the Azure Marketplace: Use the solution template available in the Azure Marketplace to deploy the FMCv using the Azure portal. You can use an existing resource group and storage account (or create them new) to deploy the virtual appliance. To use the solution template, see Deploy from Azure Marketplace Using the Solution Template.

ARM Templates in the GitHub Repository: In addition to the Marketplace-based deployment, Cisco provides Azure Resource Manager (ARM) templates in the GitHub Repository to simplify the process of deploying the FMCv on Azure. Using a Managed Image and two JSON files (a Template file and a Parameter file), you can deploy and provision all the resources for the FMCv in a single, coordinated operation.

Deploy from Azure Marketplace Using the Solution Template

Deploy the Firepower Management Center Virtual (FMCv) from the Azure portal using the solution template available in the Azure Marketplace. The following procedure is a top-level list of steps to set up the FMCv in the Microsoft Azure environment. For detailed steps for Azure setup, see Getting Started with Azure.

When you deploy the FMCv in Azure it automatically generates various configurations, such as resources, public IP addresses, and route tables. You can further manage these configurations after deployment. For example, you may want to change the Idle Timeout value from the default, which is a low timeout.
Procedure
Step 1

Log in to the Azure portal (https://portal.azure.com) using your Microsoft account credentials.

The Azure portal shows virtual elements associated with the current account and subscription regardless of data center location.
Step 2

Click Create a Resource.
Step 3

Search the Marketplace for "Cisco Firepower Management Center (FMCv)", choose the offering, and click Create.
Step 4

Configure the settings under Basics:

Enter a name for the virtual machine in the FMC VM name in Azure field. This name should be unique within your Azure subscription.
Attention

Make sure you do not use an existing name or the deployment will fail.

(Optional) Choose the FMC Software Version from the dropdown list.

This should default to the latest available version.

Enter a username for the Azure account administrator in the Username for primary account field.

The name "admin" is reserved in Azure and cannot be used.
Attention

The username entered here is for the Azure account, not for FMCv administrator access. Do not use this username to log in to the FMCv.

Choose an authentication type, either Password or SSH public key.

If you choose Password, enter a password and confirm. The password must be between 12 and 72 characters, and must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character that is not ‘' or ‘-‘.

If you choose SSH public key, specify the RSA public key of the remote peer.

Enter an FMC Hostname for the FMCv.

Enter an Admin Password.

This is the password you’ll use when you log in to the FMCv’s Web interface as the administrator to configure the FMCv.

Choose your Subscription type.

Normally there is only one option listed.

Create a new Resource group.

The FMCv should be deployed into a new Resource Group. The option to deploy into an existing Resource Group only works if that existing Resource Group is empty.

However, you can attach the FMCv to an existing Virtual Network in another Resource Group when configuring the network options in later steps.

Select your geographical Location.

You should use the same location for all resources used in this deployment. The FMCv, the network, storage accounts, etc. should all use the same location.

Click OK.

Step 5

Next, complete the initial configuration under Cisco FMCv Settings:

Confirm the selected Virtual machine size, or click the Change size link to view the VM size options. Click Select to confirm.

Only the supported virtual machine sizes are shown.

Configure a Storage account. You can use an existing storage account or create a new one.

Enter a Name for the storage account, then click OK. The storage account name can only contain lowercase letters and numbers. It cannot contain special characters.

As of this release the FMCv only supports general purpose, standard performance storage.

Configure a Public IP address. You can use an existing IP or create a new one.

Click Create new to create a new public IP address. Enter a label for the IP address in the Name field, select Standard for the SKU option, then click OK.
Note

Azure creates a dynamic public IP address, regardless of the dynamic/static choice made in this step. The public IP may change when the VM is stopped and restarted. If you prefer a fixed IP address, you can edit the public-ip and change it from a dynamic to a static address after the deployment has completed.

You can choose NONE if you don’t want to assign a public IP address to the FMCv. Without a public IP address, any communication to the FMCv must originate within the Azure virtual network.

Add a DNS label that matches the label of the public IP.

The fully qualified domain name will be your DNS label plus the Azure URL: ..cloudapp.azure.com

Choose an existing Virtual network or create a new one, then click OK.

Configure the management subnet for the FMCv.

Define a Management subnet name and review the Management subnet prefix. The recommended subnet name is "management".

Click OK.

Step 6

View the configuration summary, and then click OK.
Step 7

View the terms of use and then click Create.
Step 8

Select Notifications (bell icon) at the top of the portal to view the status of the deployment.
Figure 1. Azure Notifications
