Onboarding
Steps:
-
Step 1: Familiarize yourself with the Firepower system
- Task 1: Firepower documentation
- Task 2: Watch Success Tip | Getting Started: Cisco Secure Firewall Overview
- Task 3: Watch Success Tip | Architecture Transformation Planning: Creating Your Network Insertion Strategy
- Step 2: Document success criteria to keep stakeholders aligned as you move forward
-
Step 3: Familiarize yourself with Smart Licensing
- Task 6: Ensure Smart Licensing has been setup and appropriate users can login to generate tokens in a later stage
-
Step 4: Gather information on your assets to formulate your network
insertion and policy strategies
- Task 7: Identify workloads and applications and protected IP spaces, segments, and ranges
-
Step 5: Create your network insertion strategy
- Task 8: Learn about design considerations and define your physical and logical architecture
- Task 9: Determine if you will use IPS blocking
- Task 10: Learn about deployment modes (routed/transparent) and interface types
- Task 11: Understand your high availability requirements
- Task 12: Understand your routing requirements
Implement
Steps
-
Step 1: Understand firewall migration requirements
- Task 1: Migration tool overview and guides
- Task 2: Migration tool compatibility guide
- Task 3: Firepower Threat Defense compatibility guide
- Task 4: FXOS compatibility guide
- Task 5: Watch Success Tip | Installation / Implementation Best Practices: Post Installation Validation
- Task 6: Watch Success Tip | Migration Strategies and Best Practices: Migration Guidance
- Step 2: Onboard one or more cloud accounts
-
Step 3: Install the solution components including both virtual and
physical
- Task 9: 2100 Hardware Install Guide
- Task 10: 4100 Hardware Install Guide
- Task 11: Cisco Secure Firewall Threat Defense Virtual Install and Upgrade Guides
- Task 12: Cisco Firepower Management Center (FMC) Install Guides
- Task 13: Cisco Secure Firewall Management Center (FMC) Virtual Getting Started Guide
- Task 14: Software Download
-
Step 4: Test Connectivity between the Firewall Management Center
to the managed devices and Cisco
- Task 15: Validate that communication paths are opened between solution components
-
Step 5: Apply the initial bootstrap configurations to system components
based on your design
- Task 16: Cisco Firepower 2100 Getting Started Guide
- Task 17: Cisco Firepower 4100 Getting Started Guide
- Task 18: Cisco Secure Firewall Threat Defense Virtual Getting Started Guide
- Task 19: Cisco Firepower Management Center (FMC) Install Guides
- Task 20: Cisco Secure Firewall Management Center (FMC) Virtual Getting Started Guide
- Task 21: Configure high availability and/or clustering, where required
-
Step 6: Register with Smart Licensing and Activate Licenses
- Task 22: Apply Smart Licensing to managed devices
-
Step 7: Ensure telemetry is enabled (Cisco Success Network)
- Task 23: Ensure you meet the minimum version for this use case and opt in with the Cisco Success Network telemetry data
- Step 8: Deploy initial configurations for network insertion
-
Step 9: Validate the initial setup
- Task 29: View the Installation and Implementation Best Practices virtual event session for additional guidance
- Step 10: Learn about available integrations
Use
Steps
-
Step 1: Learn about core features and how to configure them
- Task 1: Understand Network Address Translation (NAT) requirements
- Task 2: Plan how you will leverage Network Discovery
- Task 3: Watch Success Tip | Feature Overview: Identity Store Integration Overview for User-Based Policy Decisions
- Task 4: Watch Success Tip | Feature Overview: Threat Intelligence Overview
- Task 5: Watch Success Tip | Feature Overview: Advanced Malware Protection
-
Step 2: Learn about Access Control Policy and Threat Intelligence
- Task 6: Plan how you will leverage Access Control Policies
- Task 7: Plan how you will leverage Threat Intelligence features
-
Step 3: Learn about Identity Stores for User Based Policy
- Task 8: Learn about identity stores for user-based policy
-
Step 4: Learn about Advanced Malware Protection
- Task 9: Plan how you will leverage Advanced Malware Protection
-
Step 5: Learn about URL filtering (requires URL license)
- Task 10: Plan how you will leverage URL filtering
-
Step 6: Learn about site-to-site VPN
- Task 11: Plan how you will use and protect your Site-to-Site VPN connections
-
Step 7: Learn about Intrusion Detection and Prevention and apply
your first IPS policy
- Task 12: Plan how you will leverage IDS/IPS policies
-
Step 8: Finish planning, creation, and deployment of Internet Edge
Protection policies
- Task 13: Deploy Access Control Policies (ACP) with threat rules enabled
-
Step 9: Learn connectivity troubleshooting techniques
- Task 14: Be prepared with tips to test upcoming policies
- Task 15: Troubleshooting best practices
-
Step 10: Discover Firepower dashboards and reports
- Task 16: Discover Firepower dashboards
- Task 17: Discover Firepower reports
Engage
Steps
-
Step 1: Build a firewall rule lifecycle process
- Task 1: Firewall rule lifecycle management
- Task 2: Watch Success Tip | Operations Planning and Best Practices: Turning on Automatic Security Updates and Keeping Policies Updated
- Task 3: Watch Success Tip | Operations Planning and Best Practices: Initial Policy Tuning
- Task 4: Watch Success Tip | Advanced Feature Overview: SSL Inspection and TLS Decryption Overview
- Step 2: Setup operational monitoring
-
Step 3: Initial tuning of false positives and security feature related
policies
- Task 8: Tuning intrusion policies
-
Step 4: Learn about TLS decrypt and its deployment strategy
- Task 9: Understanding TLS traffic decryption
-
Step 5: Bring additional Firewalls online
- Task 10: Using processes established to this point, expand your deployment by bringing additional firewalls online
Adopt
Steps
- Step 1: Enable Automatic Security Updates
- Step 2: Discover APIs and their uses
- Step 3: Perform your first health check and rule tuning
Comments
0 comments
Please sign in to leave a comment.