Today we're going to walk through how to deploy a Firepower Threat Defense (FTD) device in transparent mode. This is part of some training I am doing for the CCIE / CCNP Security, and it is one of the topics on the blueprint, so I've decided to cover it both as an aid to my own learning and to continue delivering content.

Drop me a line in the comments section, or reach out to me on Twitter, Instagram, any of my other social media platforms, or my website. If you found this article useful, please like and subscribe, and if you want to stay up to date with the latest articles I release, especially the CCIE related material, please hit the notifications tab so that you are kept up to date with everything I post.

The structure of today's session is as follows: we'll go through a brief overview of transparent mode before moving into a lab where we actually configure an FTD device in transparent mode and join it to the Firepower Management Center (FMC). This is the same format the upcoming labs and demonstrations will take. The main point is not to discuss the topics in great detail, because the configuration guides, certification guides, white papers and so on already cover that; I've gone through those as part of my training, and it's your job to go through them as well. The main purpose of this article is to show the configuration side, especially for those who can't access this sort of equipment, to help them with their studies.
Let's jump straight in. I've got some main points here, and again these are just the points I've picked out; it is worth covering the blueprint topics using the certification guides, Cisco white papers and so on. The main points I've picked out for this session are the following. Transparent mode is a deployment mode in which the firewall operates at layer 2, so essentially it is a bump in the wire, as opposed to routed mode, which operates at layer 3. This means you don't need to assign any IP addresses to the device apart from the management IP address, which makes it easier to place an FTD device into an existing network without disrupting the existing infrastructure, whereas with a layer 3 firewall you would need to accommodate additional IP addresses for each interface. That said, although only a management IP address is required, you can assign IP addresses to the bridge virtual interfaces (BVIs).
Both physical and virtual devices support transparent mode deployment, so if you have access to virtual FTDs and FMCs you can do this yourself, and likewise if you've got physical equipment. To change the deployment mode, you must first remove the device from the FMC: if you've got an FTD that is being managed by an FMC, a Firepower Management Center, you first need to remove all of those managers before you can proceed with changing the mode, and this applies not just when changing to transparent mode but also when changing to routed mode.

Transparent mode deployments require the FMC. When deploying in transparent mode you cannot locally manage the device; you need to use an FMC to manage a device deployed in transparent mode, so you can't use the local on-box manager, which is Firepower Device Manager (FDM). The deployment mode can only be changed in the CLI; you can't do this in the GUI, whether that is FMC or FDM. You do that by connecting to the management IP address over SSH or console, or however you reach the device, and changing the mode there, which is something we're going to look at in the upcoming lab shortly.

A transparent device can block traffic when deployed inline: if you deploy an FTD device inline and transparent, you can block traffic. However, if it's acting as a transparent passive device, or in passive mode generally, you're not going to be able to block traffic, so it acts more like an IDS.

Traffic generated from the FTD itself is sent via the bridge virtual interfaces, not the physical interfaces or subinterfaces. Last of all, if dynamic routing is used, it's best to trust or fast-path this type of traffic using prefilter policies so that it is not inspected, simply because inspecting it puts an extra burden on the device. That was a quick overview of the main points I jotted down as I was going through the content; now we'll take a look at how to actually configure transparent mode and add the device to the Firepower Management Center.
Just before we do that, the steps are as follows on your screen. There are five steps: connect to the FTD device via the management IP, remove any managers that are already configured, configure transparent mode, configure the manager again (which is the FMC), and last of all add the device to be managed to the FMC.

For our demonstration today we have a Firepower device sitting in between two routers, Router 3 and Router 2. All of the equipment is actually running and live, as you can see. We're not going to use the management machine directly; instead we'll have access to a machine from which we can reach the FMC, which is located at this address. So we're essentially configuring transparent mode and then joining the FTD to the FMC. With that, let's switch over to the CLI of the FTD device and begin.
First of all, we want to check whether any managers are configured, so we run show managers, and we can see that a manager is configured. We need to remove that manager before we can proceed, so we run configure manager delete, which should delete any managers on this device; we can verify that with the show managers command once it has been processed. Depending on resources it may take a minute, so be patient with it and don't think that the device has crashed or is reconnecting; you are simply removing the FMC from the FTD device. We can see there that the manager has been deleted successfully.

If we run show managers again, we can see that no managers are configured, which is what we want. Now we want to configure the firewall so that its deployment mode is transparent rather than routed, so we run configure firewall and, if we look at the options, we can see the two deployment modes: routed, which is the traditional layer 3 way of firewalling, and transparent. We're going to go with transparent, and you can see that it gives a prompt saying this will destroy any current interface configuration and asking whether you are sure you want to proceed. We press yes, and we can see that the firewall mode has been changed successfully.

Now we want to add the FMC back as a manager. We run configure manager add; we can specify the IPv4 or IPv6 address or the hostname of the FMC, or, if we don't know the address, we can use DONTRESOLVE with a NAT ID for devices that are behind NAT. In our case we already know the IP address, so we use the IPv4 address, which is 192.168.110.250. We are then asked for a registration key, which can be any alphanumeric key between 2 and 36 characters; for this demonstration we'll just use cisco, all in lowercase. This will be processed and we should be prompted once the configuration has been applied to the FTD; again, give it a few minutes. We can see now that the manager has been configured successfully and we are asked to make a note of the registration key, which in our case was cisco, because we'll need it when adding the device to the FMC. If we now run show managers, we should see the configuration we've just put in, and we can see that the registration status is pending. That means we haven't added the device to the FMC yet, so we'll now flip over to the FMC, because that's all the configuration needed on the FTD side, and we'll attempt to add this device to the FMC.
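As an added example (not from the original walkthrough), here is a small Python helper that encodes the five FTD-side steps above: it checks the registration key against the rule stated (alphanumeric, 2 to 36 characters), validates the manager address (IPv4, IPv6, hostname, or DONTRESOLVE with a NAT ID), parses show managers output to decide whether a configure manager delete is needed and whether registration is still pending, and emits the exact command sequence to type at the FTD CLI. The sample show managers text embedded in the script is constructed to match the fields the walkthrough reads out; the exact wording printed by a given FTD release may differ, so treat the parser's field names (Host, Registration) and the "No managers configured" sentinel as assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constraint stated in the walkthrough: the registration key is alphanumeric, 2-36 characters.
REGKEY_RE = re.compile(r"[A-Za-z0-9]{2,36}")
# Simple hostname shape: label characters, dots and hyphens, no leading/trailing separator.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def validate_regkey(key: str) -> bool:
    """Return True if the key satisfies the 2-36 alphanumeric rule."""
    return REGKEY_RE.fullmatch(key) is not None


def validate_manager_host(host: str) -> bool:
    """Accept an IPv4/IPv6 address, a hostname, or the literal DONTRESOLVE."""
    if host == "DONTRESOLVE":
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return HOSTNAME_RE.fullmatch(host) is not None


def parse_show_managers(output: str) -> Optional[Dict[str, str]]:
    """Reduce 'show managers' text to {host, registration}, or None if no manager is set.

    The field names and the sentinel sentence are assumptions (constructed sample format).
    """
    if "No managers configured" in output:
        return None
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {
        "host": fields.get("host", ""),
        "registration": fields.get("registration", "").lower(),
    }


def registration_is_pending(output: str) -> bool:
    """True while the FTD still waits for the FMC side of the registration."""
    info = parse_show_managers(output)
    return info is not None and info["registration"].startswith("pending")


def build_command_sequence(fmc_host: str, regkey: str, nat_id: Optional[str] = None,
                           mode: str = "transparent",
                           current_manager: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the ordered FTD CLI commands for the mode change and re-registration."""
    if mode not in ("routed", "transparent"):
        raise ValueError("mode must be 'routed' or 'transparent'")
    if not validate_manager_host(fmc_host):
        raise ValueError(f"invalid manager host: {fmc_host!r}")
    if not validate_regkey(regkey):
        raise ValueError("registration key must be 2-36 alphanumeric characters")
    if fmc_host == "DONTRESOLVE" and not nat_id:
        raise ValueError("DONTRESOLVE requires a NAT ID so the FMC can identify the device")

    commands = ["show managers"]
    if current_manager is not None:
        # The deployment mode cannot be changed while a manager is still configured.
        commands += ["configure manager delete", "show managers"]
    # This command prompts for confirmation because it wipes the interface configuration.
    commands.append(f"configure firewall {mode}")
    add = f"configure manager add {fmc_host} {regkey}"
    if nat_id:
        add += f" {nat_id}"
    commands += [add, "show managers"]
    return commands


# Constructed sample outputs, modelled on the fields mentioned in the walkthrough.
SAMPLE_REGISTERED = "Host                      : 192.168.110.250\nRegistration              : Completed\n"
SAMPLE_PENDING = "Host                      : 192.168.110.250\nRegistration              : pending\n"
SAMPLE_NONE = "No managers configured.\n"

if __name__ == "__main__":
    existing = parse_show_managers(SAMPLE_REGISTERED)
    for cmd in build_command_sequence("192.168.110.250", "cisco", current_manager=existing):
        print(cmd)
    print("pending after add:", registration_is_pending(SAMPLE_PENDING))
```

The script only plans and checks the session; it deliberately does not open an SSH connection itself, so you paste the emitted commands into the FTD CLI and feed the real show managers output back into registration_is_pending to decide when to move on to the FMC side.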
We have the FMC open here. To add a device to the FMC, we go to Devices > Device Management and choose Add Device. The Host is the management IP address of the FTD, which in my case is 172.16.x.15 (the full address is not legible in the transcript), I believe. We can change the display name; let's call this one transparent firewall. Our registration key was cisco, all in lowercase. I'll just give it the default access control policy, which is already configured; if you are doing this for the first time you may not have any access control policies configured, so you will need to create one. We'll leave the group as None and, for licensing, let's say for instance we assign the Malware license. We don't need to use the advanced Unique NAT ID option, which again is for devices that are behind NAT devices. We'll leave Transfer Packets, which is ticked by default and governs packet transfer between the two devices, the FMC and the FTD, and we'll go ahead and register.

Give this a few minutes. We should start to see the status change as the registration starts for this transparent device, or transparent firewall as we've called it, and now we can see that the device registration has completed and the device is going to reload. We can see that our device, 172.16.x.15, has now been added; it's registering the device, and that process should take a couple of minutes to complete before it's finished. That is simply how you add a device to the FMC once it is configured for transparent mode. Again, thank you for reading.
I've got a few useful links here that you may make use of; I will add them in the article description at the end. As I said, the main purpose is to discuss CCIE topics as we go through the different parts of the blueprint, so please do join me again, when we may look a little further into transparent firewalls and actually configure the interfaces themselves as BVIs and so forth.