Remote-access Guide

fmc remote access portal

by Willa Johnston IV Published 2 years ago Updated 1 year ago

How do I set up AnyConnect on Firepower Management Center?

On your Firepower Management Center web interface, go to Objects > Object Management > VPN > AnyConnect File and add the new AnyConnect client image files. Then, still in the Firepower Management Center web interface, choose Devices > VPN > Remote Access.

How do I set up a local realm for remote access?

Choose Devices > VPN > Remote Access. Click Edit next to the remote access VPN policy that you want to edit. Click the link next to Local Realm. Select the Local Realm Server from the list, or click Add to add a new local realm and then select a realm.

Which modulus group should I allow in the remote access VPN?

Select the modulus group that you want to allow in the remote access VPN configuration: 1—Diffie-Hellman Group 1 (768-bit modulus). 2—Diffie-Hellman Group 2 (1024-bit modulus).

What are the options for load balancing in FMC?

IP Address Pool: Choose a unique IP address pool for member devices, and override the IP pool in FMC for each of the member devices. Devices that are behind Network Address Translation (NAT) can also be part of a load balancing group.


How to safeguard Firepower Management Center?

Security Requirements. To safeguard the Firepower Management Center, you should install it on a protected internal network. Although the FMC is configured to have only the necessary services and ports available, you must make sure that attacks cannot reach it (or any managed devices) from outside the firewall.

What ports does Firepower use?

By default, Firepower appliances are configured to connect to the internet on ports 443/tcp (HTTPS) and 80/tcp (HTTP). If you do not want your appliances to have direct access to the internet, you can configure a proxy server.

Can FMC and managed devices be connected?

If the FMC and its managed devices reside on the same network, you can connect the management interfaces on the devices to the same protected internal network as the FMC. This allows you to securely control the devices from the FMC.

Does Firepower Management Center access the internet?

In most cases, it is the Firepower Management Center that accesses the internet. However, sometimes managed devices also access the internet. For example, if your malware protection configuration uses dynamic analysis, managed devices submit files directly to the Cisco Threat Grid cloud.

How to gain management access from an external network?

In order to gain management access directly from an external network, you must configure management access via HTTPS or SSH. This document provides the necessary configuration required to gain management access over SSH or HTTPS externally.

How many steps are there to configure management access?

These are the four major steps taken to configure the Management Access.

What is SSH in FTD?

SSH provides direct access to the converged CLI. Use this option to directly access the CLI and run debug commands. This section describes how to configure SSH in order to access the FTD CLI.

Why is external authentication necessary?

This is a necessary step because locally configured users do not have direct access to the diagnostic CLI. The diagnostic CLI and the GUI are accessed only by users that are authenticated via Lightweight Directory Access Protocol (LDAP) or RADIUS.

What does enable for HTTP do?

Enable for HTTP - Enable this option to provide access to the FTD over HTTPS.

How many steps are there to configure external authentication?

There are 6 steps to configure External Authentication.

Can a local user access the CLI?

Note: On FTD devices running software version 6.0.1, the CLI cannot be accessed by a local user; external authentication must be configured in order to authenticate the users. However, on FTD devices running software version 6.1.0, the CLI is accessed by the local admin user, while external authentication is required for all other users.
