IT Solutions Provider

Author: Paula Wong

Categories
Blogs

Configuring IP on Cisco Secure Firepower Threat Defense (FTD) & Adding a Secure Firepower Management Center (FMC)

Cisco Secure FTD and FMC
Cisco Secure FTD and FMC
Cisco Secure FTD and FMC

Configuring IP Cisco Secure Firepower Threat Defense (FTD) & Adding a Secure Firepower Management Center (FMC)

Cisco Secure Firepower Threat Defense (FTD) is a comprehensive security solution that combines firewall, intrusion prevention, and advanced threat protection capabilities. To effectively deploy and manage a Cisco FTD device, configuring the IP address is a critical step. This article provides a step-by-step guide on how to configure IP addresses in a Cisco Secure FTD device and its management interface, the Cisco Secure Firepower Management Center (FMC).

Step 1: Configuring IP on a Cisco FTD Device:

  • Power on the FTD Device:
  • Connect the power cable to the FTD device.
  • Plug the power cable into a power outlet.
  • Turn on the power switch on the FTD device.
  • Connect to the FTD Device:

Step 2: Connect a console cable to the FTD device and your computer:

  • Launch a terminal emulator program (e.g., PuTTY, SecureCRT).
  • Configure the terminal emulator settings to match the appropriate serial port and communication parameters (e.g., baud rate, data bits, parity, stop bits).
  • Access the FTD Device CLI:

Step 3: Open the terminal emulator program and select the appropriate serial port to which the console cable is connected.

  • Set the communication parameters as configured in the previous step.
  • Press Enter to display the FTD device login prompt.
  • Log in to the FTD Device:
  • At the login prompt, enter the default username "admin" and the default password "Admin123" (for newer versions) or "Admin123" (for older versions).

If prompted to change the default password, follow the instructions to set a new password.

Step 4: If prompted to change the default password, follow the instructions to set a new password.

configure network ipv4 manual Replace `` with the desired IP address for the management interface and `` with the appropriate subnet mask.

Step 4: Verify the configuration: Use the "show network" command to verify the IP address configuration for the management interface.

2. Configuring add manager on a FTD Device:

Step 1: Configure the FMC Manager:

Use the following command to add the FMC manager to the FTD device:

configure manager add <FMC_IP> <REGISTRATION_KEY>

Replace `<FMC_IP>` with the IP address of the FMC and `<REGISTRATION_KEY>` with the registration key provided by the FMC.

Step 2: Verify the FMC Manager Configuration:

To ensure that the FMC manager has been added successfully, enter the following command:

show managers

This command will display the FMC manager’s IP address and its status.

To add a Cisco Secure Firepower Threat Defense (FTD) device to a Secure Firepower Management Center (FMC) for centralized management and monitoring, follow these steps:

Step 1:Access the Firepower Management Center (FMC):

  • Open a web browser on a computer connected to the same network as the FMC.
  • Enter the IP address or hostname of the FMC in the browser's address bar.
  • Log in to the FMC using valid administrator credentials.

Step 2: Navigate to the Device Management Section:

After logging in to the FMC, navigate to the “Devices” section. This section is typically located in the top navigation menu.

Step 3: Add a New Device:

In the “Devices” section, click on the “Device Management” tab.Click on the “Add Device” button to initiate the process of adding a new device to the FMC.

Step 4: Enter Device Details:

  • In the "Add Device" form, enter the necessary information for the FTD device:
  • Device Name: Provide a descriptive name for the device.
  • Device Hostname or IP Address: Enter the hostname or IP address of the FTD device.
  • Device Type: Select "Firepower Threat Defense" as the device type.
  • Registration Key: Enter the registration key for the FTD device. This key is obtained from the FTD device CLI.
  • Access Policy: Select an appropriate access policy to apply to the device. If no access policies are available, create one beforehand.

Step 5: Verify Device Connection:

Click on the “Test Connectivity” button to verify the connection between the FMC and the FTD device. Ensure that the connectivity test is successful.

Step 6: Save and Apply Changes:

After verifying the device connection, click on the “Save” button to save the device configuration in the FMC.

The FMC will initiate the process of adding the FTD device to its managed devices list

Step 7: Monitor Device Registration:

Once the FMC has added the FTD device, it will start the registration process.

Monitor the “Devices” section or any notifications on the FMC for the registration status of the FTD device. The FMC will retrieve the device configurations and apply the assigned access policy to the FTD device.

Once the FTD device is successfully added to the FMC, it can be centrally managed and monitored through the FMC’s web interface. The FMC provides extensive security policy management, threat monitoring, and reporting capabilities, enabling administrators to effectively manage their network security using the FTD devices.

The FMC would take a few minutes before completing the FTD registration. You can check the status by going to the Notifications > Tasks menu on the top right side:

Configuring IP addresses in Cisco FTD devices and their management interface, the Firepower Management Center, is essential for proper network connectivity and effective device management. By following the step-by-step instructions outlined in this guide, network administrators can successfully configure IP addresses in Cisco FTD devices and configure manager as well, enabling them to monitor and secure their networks efficiently.
Categories
Blogs

Migrating from Cisco AireOS 3504 WLC to Cisco Catalyst 9800 Controller

Migrating from Cisco AireOS 3504 WLC to Cisco Catalyst 9800 LAN Controller

We will cover how to migrate from the Cisco AireOS 3504 WLC controller to the new Cisco Catalyst 9800 LAN controller.

  • First, you will get the output of “show run-config startup-commands” from the CLI output.
  • After that, you can upload the configuration to theCisco WLC Config Converter(you will need a Cisco CCO account). See example below:

Then select AireOS → Catalyst 9800 from the drop-down menu. (Note: you can use this tool to convert AireOS to Converged Access, AireOS →AireOS (5520/8540) – when you’re upgrading from lower models to higher models, and vice versa).

Once it is done, it will provide you with an output with the following sections:

  • Translated Config (this section shows you all the lines the tool was able to migrate and it also shows the old configuration lines commented out, pretty nice because you can compare the current configuration with the previous ones).
  • Lines start with prefix “!$” need to be taken care of before applying to C9800
  • Lines start with prefix “!%” have note and examples, about features and steps to follow.
  • Unsupported Config (this part shows all lines showing unsupported configuration – either because the commands or protocols have been deprecated, or the newer Cisco Catalyst WLAN controller doesn’t support those configurations.  You will have to go through these lines manually to see if they are needed or not in the new controller.  In most cases, you might be able to ignore it and manually configure them in the new GUI if they are still needed.)
  • Not Applicable Config (similar to the previous section, the tool will provide configuration lines that the new C9800 controller doesn’t support. You will need to go through and see if those lines are still needed or not. if so and there aren’t too many lines, you should manually create them in the GUI).
  • Unmap Config – these are configuration lines that were not migrated. It could be due to some extra configuration lines or lines only known to the existing WLC3504 controller.

The tool does allow you to download the migrated configuration in CSV or Translated_Config.cfg format.  You can import that to your favorite editor so that you can use it to modify and/or make notes as needed while you are working on your migration project. 

I recommend importing the Translated_Cconfig.cfg into Microsoft Excel so that you can make notes, highlight it, or use other editing options while working on it. You will need to reference this file until you’re done migrating everything over to the C9800 controller.

To transfer configuration lines to the C9800 controller, you will ssh to the C9800 controller and start copy lines with without any notes in front of it (i.e., !% or !). You should start several lines or a section at a time and see if there are any errors while pasting it. If so, fix them before moving to the next set of configuration lines.

Once you’re done pasting everything, you can open the GUI of the C9800 and you should see the migrated configuration there.

For the Unsupported Config, Not Applicable, or Unmap Config, go through all of them and see what is needed or not.  Add them if they are needed or just leave them.

Conclusion

As you can see, the Cisco WLC Config Converter tool provides an easy way to upgrade your existing legacy or end-of-life WLAN controller to the new model.  It assists in migrating the bulk of the critical configuration items but there are still some manual configurations that need to happen. These are things like:

  • Configure AAA Radius and TACACS authentication and authorization methods
  • Adding the new C9800’s IP to your Radius and TACACS+ servers
  • Joining the existing Access Points to the new C9800 controller with no downtime

Those are beyond the scope of this article.

Feel free to reach out to us if you need help migrating from your existing Cisco AireOS WLC controllers to the Cisco Catalyst WLC controllers or anything related to the Cisco WLAN controllers, reach out to use at [email protected] and we would love to be able to assist you.

Categories
Blogs

Q&A With Accend Networks

Q&A With Accend Networks

Safety Detectives: Please share your company background, how you got started, and your mission.

Accend Networks: Accend is a 10-year-old company and was started by Paula Wong, its CEO and Founder, with over 25+ years of IT experience.

Paula started it out of some repeated bad experience in a corporate environment after putting in countless hours. First was getting laid off after putting in and working over 16-18 hours for a start-up and even invested her own money into that company (it was during the dot com boom) in hopes that it would return a great profit.

Unfortunately, the company went belly-up. The second was working for a Webex where Paula was terminated due to subordination right before her stock option was going to get vested. She also worked crazy hours at this company.

After two bad luck experiences, Paula felt the corporate environment wasn’t for sure and thought starting a company would be the next best venture.

Accend’s own is to be the go-to IT Solutions provider nationwide.

Apart from our typical network implementation and support projects, we often get requests to help clients install their commercial off-the-shelf (COTS) projects such as SolarWinds and Cisco Unified Communications Manager. Part of our process is to assess the current environment and understand the software purchased so that our consultants can take over seamlessly. The consultants who get assigned to assist clients typically have over 5+ years, sometimes up to 20+ years, in supporting products so that best practice recommendations can be made to guide the clients as needed. We either work with the customer or do the installation ourselves, depending on the client’s preference. Another COTS product is implementing VMware Horizon and Workspace ONE. This is just an example of our approach to getting things done.

In terms of area coverage, we provide advanced network services in California (both northern and southern), and nationwide with several clients on the east coast. The work can be on-site or remote; but luckily, with the availability of remote tools, we can easily support customers with just a phone call.

These are highlights of what we provide, but it is not limited to these examples. We offer dynamic network services since we’re flexible and understand client needs.

SD: What is the main service your company offers?

AN: Accend specializes in cybersecurity but we also provide network design, implementation, and support for data, voice, wireless, and video networks.

SD: What is something unique that helps you stay ahead of your competition?

AN: Accend is very efficient in delivering our services to our customers. We are also able to solve complex problems that our competition can’t.

SD: What do you think are the worst cyberthreats today?

AN:We keep hearing about ransomware attacks affecting many companies and it tends to increase. Not only is it targeting large and well-known enterprises and the government, but they are also costly.

Categories
Blogs

Why You Need an MSP

Services Why You Need an MSP
Why You Need an MSP

Let’s start with the basics. Most people (especially those on the far spectrum of the digital divide) are probably scratching their heads and wondering, “What exactly is an MSP?” Well, it is an acronym for the Managed Service Provider. Now that we have that down, it raises another question, “Why do I need one?” We’re here to answer this question and more.

Managed services involve the practice of outsourcing on a proactive basis certain processes and functions intended to improve operations and cut expenses. Managed Service Providers are a type of IT service company that acts as an outsourced third-party providing a server, network and specialized applications to end users and organizations. It is a strategic method adopted by corporations at various levels as a method of improving operations. Some of the big names in the industry include giants such as IBM, Atos, Infosys, Capgemini, and many others.

What services do MSPs provide?

MSP‘s provide a wide range of services, cutting across fields and disciplines. The services they provide include, but are not restricted to :

  • Firewall Availability Monitoring
  • Security Information Event Monitoring and Log Analytics
  • 24x7x365 Real-Time Security Monitoring
  • Virus Removal
  • Industry-leading Anti-Virus and Anti-Ransomware for Windows, Mac, and Linux
  • NOC Services
  • Advanced Endpoint Detection
  • Critical Application Patching
  • IT security
  • Network infrastructure
Contact us for more information on how we can help.
Why should you partner with an MSP?

Now that we have basic knowledge of an MSP and the many services it provides, it’s time to talk about why it’s so important to partner with one. There are numerous advantages to partnering with an MSP and employing its services. Some are obvious, while others are not. We will walk you through some of the important advantages:

Access to top talent :MSPs provide users with access to skilled individuals with years of experience and expertise under their belts. This is especially important to new startups that may lack the know-how necessary to operate and benefit from the experience that MSPs bring to the table.

24/7 Network Monitoring of Network Devices, Servers, and Desktops : Data is like a river, constantly flowing and ever-changing. MSPs are experts at monitoring and managing this constant stream of data in a way no one else can and transforming it into vital information. By keeping you up-to-date on the constantly changing business sphere, you can keep up with current trends and happenings both within your organization and the industry.

Asset Inventory and Management : This service is vital for proper bookkeeping and auditing within an organization. MSPs provide a digital framework that accurately follows the flow of products in and out of the system, with important details such as amount, time, cost and much more. This is especially important in combating forgery and other fraudulent activities, particularly when dealing with an enormous amount of products.

Patches and Updates : MSPs provide the latest in software and IT infrastructure; they keep you updated on the latest data management systems to boost your productivity to the maximum and keep your company running as smoothly as possible.

This is just a brief run through of the services provided by MSP’s. I encourage you to partner with one today to boost your productivity and profitability.
Share on FacebookShare on Twitter Share on Linkedin
Categories
Blogs

Cloud Hosting Services Vs On-Premises IT Solutions

Cloud Hosting Services Vs On-Premises IT Solutions

A lot of companies and people have been talking about cloud hosting services vs on-premises IT solutions–the pros and cons of both. To be very honest, no option is “perfect”, but cloud hosting services do offer a wide range of advantages over on-premises solutions. Before we delve into all that, it is important to provide some basic background information on the subject.

What are cloud hosting services?

The term cloud services is a broad category that encompasses a vast collection of IT resources provided over the internet. The expression may also be used to describe professional services that support the selection, deployment and ongoing management of various cloud-based resources provided by private vendors, as opposed to on-premises services.

What is an on-premises environment?

An on-premises environment involves software and technology located within the physical confines of an enterprise – often in the company’s data center – as opposed to running remotely on hosted servers or on cloud services such as AWS. The key advantage to such a system of data storage and management is that by installing and running software on hardware located on company premises, staff have physical access to the data and can directly control the configuration, management, and security of the computing infrastructure and data.

What is Amazon Web Services?

Amazon Web Services, or AWS for short, is a subsidiary of Amazon that functions as a secure cloud services platform, offering computing power, database storage services, content delivery, and other functionality to help businesses scale and grow. It offers over 165 fully-featured services from data services globally.

So, what are the various advantages of choosing a cloud hosting service over on-premises solutions, and why you should choose cloud hosting services? There is a myriad of reasons that include :

Running costs

Cost depends on several different factors. First, upfront on-premises solutions are the more expensive option, but with the continual monthly payments made for cloud hosting services, the total costs may eventually tally up. In the long run, AWS is more cost-effective.

One thing to consider is that electricity costs accrue when using on-premises solutions since they consume a lot more electricity for both running and cooling. Over time, this may become a significant expense.

Another consideration is the replacement cost. On average, most organizations have to replace their hardware and upgrade their software every 4-6 years to avoid the danger of failure and costly upgrade fees due to obsolescence.

Bandwidth

It would be extremely misleading to say that cloud services don’t have their own bandwidth problems, but on a general note, the high-ranking cloud hosting services, like Amazon Web Services, provide a much higher level of quality. On-premises solutions require an efficient and well-designed network of switches and cabling to serve bandwidth-hungry applications inside office walls.

Uptime and Dependability

In this cloud regard, hosting services such as AWS far outstrip on-premises solutions. Major cloud hosting services can guarantee an uptime of up to 99.95% in an entire year, with the average downtime for cloud servers being 30 hours per year. By contrast, on-premises solutions at the macro level average up to 14 days of downtime a year, causing revenue losses running to billions of dollars.

Uptime and Dependability

A key feature of AWS is its top-tier security protocol for businesses at all levels. AWS offers levels of data and cyberspace security to small and mid-level businesses that were once only available to large scale corporations. In an era where information is power, you can understand just how important this feature is. If this isn’t a major deal-breaker, then I don’t know what is.