Posts

Showing posts from July, 2024

Reimage Firepower FTD 1000, 2100 and 3100 Series

Requirements:
- Console connection
- MGMT interface to a remote storage server
- FTD image on the remote storage server

1. Format the appliance. From the console, in the FXOS CLI:
     connect local-mgmt
     format everything
2. Enter ROMMON by pressing the ESC key while the box is booting.
3. Enter the following to prepare the TFTP download
4. Type set to confirm.
5. Type sync to apply.
6. Initiate the boot process with tftp -b
7. Once the system comes up, log in with admin/Admin123.
8. Configure the MGMT IP:
     scope fabric-interconnect a
     set out-of-band static ip xxxx netmask yyyy gw zzzz
9. Download the FTD image:
     scope firmware
     download image usbA:package_name          -- using USB
     download image tftp/ftp/scp/sftp://path_to_your_image
10. Check the download progress:
     show download-task
11. When the state is "Downloaded", verify with show package
12. Start the install (may take up to 45 mins):
     scope auto-install
     install security-pack version version force
13.

Anyconnect / Secure Client VPN Local LAN access

1. When split tunnel is configured:
     1.1 Add deny 0.0.0.0/32 at the top of the split-tunnel ACL.
     1.2 Configure the VPN client profile to enable "Allow LAN Access".
2. When tunnel all is configured:
     Change the split-tunnel ACL to "Exclude Network List Below" with 0.0.0.0/32.
Reference: AnyConnect Split Tunneling (Local Lan Access, Split Tunneling, Static & Dynamic (domain)) - Cisco Community

Move FTD 7.4 in HA to new FMC

FTD-74-A and FTD-74-B are in HA, managed by FMC-1. Assume we need to move the FTDs to FMC-2.
1. On FTD-74-A:
     Delete the manager.
     Configure a new MGMT IP that can reach FMC-2.
     Add FMC-2 as the new manager.
2. On FMC-2, register FTD-74-A and assign "Init Discovery ACP". FMC-2 is able to identify that FTD-74-A is in HA, automatically creates the HA pair, and then tries to automatically register FTD-74-B. If that fails, it will unregister FTD-74-A. If it succeeds, both FTDs show up in FMC in HA mode.
3. Assign interfaces to zones and add the default route back. Then assign the proper ACP; this ACP can be exported from FMC-1 and imported into FMC-2.

Firepower Backup and Restore

Backup FMC and FTD to a remote SMB server. Lab on FMC 7.2.x.
1. Create remote storage on an SMB server:
     The file "appliance_rsd_info.txt" contains the folder info.
     The folder name is the FMC UUID, which can be seen in the FMC "show version" output.
     Folder "backups" is for FMC; folder "remote-backups" is for FTD devices.
2. Create a backup profile and specify whether to back up Configuration and/or Events.
     System > Backup/Restore > Backup Profiles > Create Profile
     A backup profile is used by FMC only.
3. Back up FMC or FTD:
     System > Backup/Restore > Backup Management
     Choose to back up FMC or a device (FTD).
4. Schedule a backup for FMC or FTD:
     System > Scheduling > Add Task
     FTD: checking "Retrieve to Management Center" lists the backup in FMC and also backs it up to remote storage. If it is not checked, the backup exists only on the FTD locally in /var/sf/backup.
==================
Lab Scenario 1: Standalone FTD has device backup.
FTD-72-C is a standalone FTD, have backup o