  Restoring a Device to Factory Defaults

Firepower 8000 Series Getting Started Guide

32

Enabling LOM and LOM Users

Before you can use LOM to restore an appliance, you must enable and configure the feature. You must also 
explicitly grant LOM permissions to users who will use the feature.

You configure LOM and LOM users on a per-appliance basis using each appliance’s local web interface. That is, 
you cannot use the Management Center to configure LOM on a Firepower device. Similarly, because users are 
managed independently per appliance, enabling or creating a LOM-enabled user on the Management Center does 
not transfer that capability to users on Firepower devices.

LOM users also have the following restrictions:

- You must assign the Administrator role to the user.

- The user name may have up to 16 alphanumeric characters. Hyphens and longer user names are not supported for LOM users.

- The password may have up to 20 alphanumeric characters. Longer passwords are not supported for LOM users. A user’s LOM password is the same as that user’s system password.

- 8000 Series devices can have up to 13 LOM users.

Note: For detailed instructions on the following tasks, see the Configuring Appliance Settings chapter in the Firepower Management Center Configuration Guide.

To enable LOM:

1. Select System > Configuration, then click Console Configuration.

2. Enable remote access using the Physical Serial Port, then specify the LOM IP address, netmask, and default gateway (or use DHCP to have these values automatically assigned).

Note: The LOM IP address must be different from the management interface IP address of the appliance.

To enable LOM capabilities for a Firepower System user:

1. Select System > User Management, then either edit an existing user to add LOM permissions, or create a new user that you will use for LOM access to the appliance.

2. On the User Configuration page, enable the Administrator role if it is not already enabled.

3. Enable the Allow Lights-Out Management Access check box and save your changes.
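The following pre-flight check is an added example, not part of the Cisco guide: it validates a planned LOM configuration against the restrictions and the IP address note above before you enter it in the web interface. The function name, the dictionary keys, and the sample users and addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Limits taken from the LOM restrictions listed in this section.
MAX_LOM_USERS = 13
USERNAME_RE = re.compile(r"[A-Za-z0-9]{1,16}")  # no hyphens, at most 16
PASSWORD_RE = re.compile(r"[A-Za-z0-9]{1,20}")  # alphanumeric, at most 20


def check_lom_plan(users, lom_ip, mgmt_ip):
    """Return a list of problems found in a planned LOM configuration.

    users: list of dicts with the hypothetical keys 'name', 'password',
    'roles' and 'lom' (True if Allow Lights-Out Management Access is set).
    """
    problems = []
    # Compare parsed addresses so different spellings of one address match.
    if ipaddress.ip_address(lom_ip) == ipaddress.ip_address(mgmt_ip):
        problems.append("LOM IP address equals the management interface IP")
    lom_users = [u for u in users if u.get("lom")]
    if len(lom_users) > MAX_LOM_USERS:
        problems.append(f"{len(lom_users)} LOM users planned, limit is {MAX_LOM_USERS}")
    for u in lom_users:
        name = u["name"]
        if "Administrator" not in u.get("roles", ()):
            problems.append(f"{name}: Administrator role not assigned")
        if not USERNAME_RE.fullmatch(name):
            problems.append(f"{name}: user name must be 1-16 alphanumeric characters")
        # The LOM password is the user's system password, so a system
        # password with symbols or more than 20 characters fails here.
        if not PASSWORD_RE.fullmatch(u["password"]):
            problems.append(f"{name}: password must be 1-20 alphanumeric characters")
    return problems


# Constructed sample plan (not real accounts or addresses).
SAMPLE_USERS = [
    {"name": "lomadmin1", "password": "Xk29dLw8Qz71Bn4T", "roles": ["Administrator"], "lom": True},
    {"name": "lom-backup", "password": "Xk29dLw8Qz71Bn4T", "roles": ["Administrator"], "lom": True},
    {"name": "analyst7", "password": "pw!with#symbols", "roles": ["Security Analyst"], "lom": True},
    {"name": "webonly", "password": "anything-goes-here!", "roles": ["Administrator"], "lom": False},
]

if __name__ == "__main__":
    for line in check_lom_plan(SAMPLE_USERS, "192.0.2.10", "192.0.2.10"):
        print(line)
```

Users without the LOM check box are skipped, so a system-only account may keep a longer or symbol-bearing password without being flagged.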

Installing an IPMI Utility

You use a third-party IPMI utility on your computer to create an SOL connection to the appliance.

If your computer is running Linux or Mac OS, use IPMItool. Although IPMItool is standard with many Linux 
distributions, you must install IPMItool on a Mac. First, confirm that your Mac has Apple's Xcode developer tools 
package installed. Also, make sure the optional components for command line development are installed ("UNIX 
Development" and "System Tools" in newer versions, or "Command Line Support" in older versions). Finally, 
install MacPorts and IPMItool. For more information, use your favorite search engine or see these sites:

https://developer.apple.com/technologies/tools/

http://www.macports.org/

For Windows environments, use ipmiutil, which you must compile yourself. If you do not have access to a compiler, 
you can use ipmiutil itself to compile. For more information, use your favorite search engine or see this site:

http://ipmiutil.sourceforge.net/
