1. Download the Cisco FireSIGHT Management Center Virtual Appliance from the Cisco Support & Downloads site.
2. Download VMware ESXi.
You need to have the following licenses:
Control License, Cisco Intrusion Protection (IPS)
RDP Sourcefire via WEB
1. Health Monitor – Should be green
2. Health Policy – Enable the following:
CPU Usage – Of the system
Card Reset – Resets if something wrong is detected
Discovery Events Status –
User Agent Status Monitor –
3. Health Event – List of health check events; gives the status from the checks the system runs periodically.
4. Blacklist – Use this if you want to disable the device (for example, when you perform maintenance on the system and it will not be available for a certain period of time).
5. Health monitor alert.
6. After configuring Device Mgmt, verify the health policy, then apply.
1. Local-System Policy – Configuration & System default policy.
2. Updates – Product updates (download or upload a patch), Rule Updates and Geolocation Updates must be set.
3. Licenses – Add licenses (required: Control License and IPS)
4. Monitoring –
5. After configuring Device Mgmt, verify the health policy, then apply.
1. Add group
2. Add device – Fill in the following (Note: the registration key must be the same as on the Firewall Firepower).
3. SSH to the Firepower service – Make the FireSIGHT IP known to Firepower
> configure manager add 10.X.X.X cisco   (10.X.X.X = FireSIGHT IP, cisco = registration key)
> show managers   (to verify)
1. Access Control – Logging: check "Log at End of Connection" and send to Defense Center.
ON FIREWALL: Need to redirect traffic to the service module.
1. Create ACL, Class map and policy map.
2. Verify with show service-policy.
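The firewall-side redirect from the two steps above, written out as an added example (not part of the original notes). It assumes an ASA with the FirePOWER (sfr) service module and the default global_policy; SFR_REDIRECT and SFR_CLASS are hypothetical names.

```text
! Added example: ASA redirect to the FirePOWER (sfr) service module.
! SFR_REDIRECT and SFR_CLASS are hypothetical names.

! 1. ACL selecting the traffic to inspect (here: everything)
access-list SFR_REDIRECT extended permit ip any any

! 2. Class map matching that ACL
class-map SFR_CLASS
 match access-list SFR_REDIRECT

! 3. Policy map: hand matched traffic to the module
policy-map global_policy
 class SFR_CLASS
  ! fail-open:  traffic passes uninspected if the module is down
  ! fail-close: traffic is dropped if the module is down
  sfr fail-open

! Apply globally (already present on a default configuration)
service-policy global_policy global

! 4. Verify that packets are being redirected to the module
show service-policy sfr
```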
164.1 – Creating network object to define IP address scope.
1. Individual Object (fill in name and network)
2. Modify the Discovery policy: delete the default and add the object
Policies > Network Discovery
Create new topology
164.3 – Create Policies
1. Policies > Action > Instances
2. Scanner NMAP