Activation - NGFW - Data Center Firewall Operations – Cisco Activation as a Service

Onboarding Implement Use Engage Adopt

Onboarding

Steps:

Step 1: Familiarize yourself with the Firepower system
- Task 1: Firepower documentation
- Link
- Task 2: Watch Success Tip | Product Overview and Business Value: Cisco Secure Firewall
- Watch Video
- Task 3: Watch Success Tip | Getting Started: Cisco Secure Firewall Overview
Watch Video
Step 2: Document success criteria to keep stakeholders aligned as you move forward
- Task 4: Understand minimum requirements for this Use Case and how to update systems
- Link
- Task 5: Navigate Cisco Secure Firewall Threat Defense documentation
- Link
Step 3: Familiarize yourself with Smart Licensing
- Task 6: Ensure Smart Licensing has been set up and appropriate users can log in to generate tokens in a later stage
- Link
- Watch Video
Step 4: Gather information on your assets to formulate your network insertion and policy strategies
- Task 7: Identify workloads and applications, as well as protected IP address subnets/segments/ranges within the data center
- Configuration Guide
- Admin Guide
Step 5: Create your network insertion strategy
- Task 8: Learn about design considerations for the data center and define your physical and logical architecture
- Link
- Task 9: Determine if you will use IPS blocking
- Link
- Task 10: Learn about deployment modes (routed/transparent) and interface types
- Link
- Task 11: Learn about licensing for multi-instance deployments
- Link
- Link
- Task 12: Understand your high availability and/or clustering requirements
- Link
- Link
- Task 13: Understand your routing requirements
- Link

Implement

Steps

Step 1: Understand firewall migration requirements
- Task 1: View the migration tool overview and guides
- Link
- Task 2: View the migration tool compatibility guide
- Link
- Task 3: Watch Success Tip | Installation / Implementation Best Practices: Post Installation Validation
- Watch Video
- Task 4: Watch Success Tip | Migration Strategies and Best Practices: Migration Guidance
- Watch Video
Step 2: Understand design principles of basic access control policies
- Task 5: View the access control overview
- Link
- Task 6: View the access control best practices
- Link
Step 3: Install the solution components including both virtual and physical
- Task 7: 9300 Hardware Install Guide
- Link
- Task 8: 4100 Hardware Install Guide
- Link
- Task 9: Cisco Secure Firewall Threat Defense Virtual Install and Upgrade Guides
- Link
- Task 10: Cisco Firepower Management Center (FMC) Install Guides
- Link
- Task 11: Cisco Firepower Management Center (FMC) Virtual Getting Started Guide
- Link
- Task 12: Firepower Compatibility Guide
- Link
- Task 13: FXOS Compatibility Guide
- Link
- Task 14: Software download
- Link
Step 4: Test Connectivity between the Firewall Management Center to the managed devices and Cisco
- Task 15: Validate that communication paths are opened between solution components
- Link
Step 5: Apply the initial bootstrap configurations to system components based on your design
- Task 16: Cisco Firepower 9300 Getting Started Guide
- Link
- Task 17: Cisco Firepower 4100 Getting Started Guide
- Link
- Task 18: Cisco Secure Firewall Threat Defense Virtual Getting Started Guide
- Link
- Task 19: Cisco Firepower Management Center (FMC) Install Guides
- Link
- Task 20: Cisco Secure Firewall Management Center (FMC) Virtual Install Guides
- Link
- Task 21: Configure high availability and/or clustering, where required
- Link
Step 6: Register with Smart Licensing and Activate Licenses
- Task 22: Apply Smart Licensing to managed devices
- Link
Step 7: Ensure telemetry is enabled (Cisco Success Network)
- Task 23: Ensure you meet the minimum version for this use case
- Link
- Link
Step 8: Enable data interfaces
- Task 24: Define and enable interfaces
- Link
Step 9: Deploy initial configurations for network insertion
- Task 25: Ensure interfaces have been defined and enabled
- Link
- Task 26: Ensure routing has been defined where applicable
- Link
- Task 27: Ensure High Availability has been deployed where applicable
- Link
Step 10: Configure HA and/or Clustering requirements
- Task 28: Deployed high availability and/or clustering, where applicable
- Configuration Guide
- Admin Guide
Step 11: Configure routing requirements
- Task 29: Apply routing where applicable
- Link
Step 12: Validate the initial setup
- Task 30: Register for a virtual event, available on Cisco Community
- Link
Step 13: Learn about available integrations
- Task 31: Explore our integrated products matrix
- Link
- Task 32: Learn about Advanced Malware Protection for Networks
- Link
- Task 33: Learn about ISE
- Link
- Task 34: Learn about Firepower REST APIs
- Link

Use

Steps: 3 Steps / 13Tasks

Step 1: Learn about Network Discovery
- Task 1: Plan how you will leverage Network Discovery
- Link
- Task 2: Watch Success Tip | Feature Overview: Advanced Malware Protection
- Watch Video
- Task 3: Watch Success Tip | Feature Overview: Threat Intelligence Overview
- Watch Video
- Task 4: Watch Success Tip | Feature Overview: Application Detection and URL Policy Brief Overview
- No video
- Task 5: Watch Success Tip | Feature Overview: Identity Store Integration Overview for User-Based Policy Decisions
- Watch Video
Step 2: Learn about Access Control Policy and Threat Intelligence
- Task 6: Plan how you will leverage Access Control Policies
- Link
- Task 7: Plan how you will leverage Threat Intelligence features
- Link
- Watch Video
Step 3: Learn about Identity Stores for User Based Policy
- Task 8: Learn about identity stores for user-based policy
- Link
- Watch Video
Step 4: Learn about Advanced Malware Protection
- Task 9: Plan how you will leverage Advanced Malware Protection
- Link
Step 5: Learn about Intrusion Detection and Prevention
- Task 10: Plan how you will leverage IDS/IPS policies
- Link
- Watch Video
Step 6: Finish planning, creation, and deployment of Data Center Protection policies
- Task 11: Deploy your policies
- Link
Step 7: Learn connectivity troubleshooting techniques
- Task 12: Be prepared with tips to test upcoming policies
- Link
- Task 13: Troubleshooting best practices
- Watch Video
- Link
Step 8: Discover Firepower dashboards and reports
- Task 14: Discover Firepower dashboards
- Link
- Watch Video
- Task 15: Discover Firepower reports
- Watch Video
- Link

Engage

Steps

Step 1: Build a firewall rule lifecycle process
- Task 1: Firewall rule lifecycle management
- Watch Video
- Task 2: Watch Success Tip | Operations Planning and Best Practices: Turning on Automatic Security Updates and Keeping Policies Updated
- Watch Video
- Task 3: Watch Success Tip | Operations Planning and Best Practices: Initial Policy Tuning
- Watch Video
- Task 4: Watch Success Tip | Advanced Feature Overview: SSL Inspection and TLS Decryption Overview
- Watch Video
Step 2: Set up operational monitoring
- Task 5: Configure health policies
- Link
- Task 6: Learn how to use health monitor alerts
- Link
- Task 7: Backup/restore and scheduling
- Link
Step 3: Initial tuning of false positives and security feature related policies
- Task 8: Tuning intrusion policies
- Link
Step 4: Learn about TLS decrypt and its deployment strategy
- Task 9: Understanding TLS traffic decryption
- Link
Step 5: Continue your deployment
- Task 10: Using processes established to this point, expand your deployment by bringing additional firewalls online
- Link
- Link

Adopt

Steps

Step 1: Enable Automatic Security Updates
- Task 1: Turn on automatic security updates
- Link
- Task 2: Deploy policies with security updates to managed services
- Link
- Task 3: Watch Success Tip | ROI Assessment Best practices: NGFW
- Watch Video
Step 2: Discover APIs and their uses
- Task 4: Confirm usage and strategy for APIs
- Link
- Task 5: Watch Success Tip | Adapting to Changes: Cisco Secure Firewall
- Watch Video
Step 3: Perform your first health check and rule tuning
- Task 6: Tune Access Control Policy rules paying attention to best practices for rule efficiency
- Link
- Task 7: Rewrite inefficient rules and remove unnecessary rules where relevant
- Link

Reference Guided Resources

Related articles