Cisco Firepower Threat Defense (FTD) is one of the leading security solutions in the networking domain, widely used for intrusion prevention, advanced malware protection, and URL filtering. For network engineers, especially those preparing for the CCIE Security v6 exam, EVE-NG serves as an invaluable tool to simulate complex network environments, including FTD deployments.
This blog provides a detailed step-by-step guide on adding Cisco FTD to EVE-NG to enhance your lab experience.
Why Use Cisco FTD on EVE-NG?
- Hands-On Practice: EVE-NG provides a platform for hands-on learning and lab preparation.
- Cost-Effective: Virtual labs reduce the need for physical hardware.
- Exam Preparation: Cisco FTD is integral to CCIE Security v6, and EVE-NG helps replicate real-world scenarios.
Table of Contents
- Download the Cisco FTD Image
- Create a Cisco FTD image folder
- Upload the image to EVE-NG
- Fix Permissions
- Add Node in the EVE-NG
- Tips for Smooth Setup
- Troubleshooting
Step 1: Download the Cisco FTD Image
You have two options to download the Cisco FTD image:
- Cisco Official Website:
- Log in to Cisco Software Central.
- Search for the FTD image compatible with your lab.
- Download the
.qcow2file for virtualized environments.
- Alternate Source:
- Use an alternate, pre-approved link to download the required
.qcow2image.
- Use an alternate, pre-approved link to download the required
Step 2: Create a Cisco FTD image Folder
1. Navigate to the QEMU Directory:
cd /opt/unetlab/addons/qemu
2. Create a Directory for the FTD Image:
mkdir -p firepower6-FTD-6.4.0-362
Replace 6.4.0-362 with the version of your Cisco FTD image.
Step 3: Upload the Image to EVE-NG
1. Transfer the Image:
Use tools like FileZilla or WinSCP to upload the downloaded FTD .qcow2 file to the EVE-NG server.
2. Upload the image to /opt/unetlab/addons/qemufirepower6-FTD-6.4.0-362.
3. Verify the Upload:
SSH into your EVE-NG server and check if the file exists in the directory:
ls -l 2/opt/unetlab/addons/qemufirepower6-FTD-6.4.0-36
Step 4: Fix Permissions
1. Set Correct Permissions:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
2. Verify Permissions:
Check that the permissions are properly applied:
ls -l /opt/unetlab/addons/qemu/firepower6-FTD-6.2.0-362
Step 5: Add FTD Node in EVE-NG
- Access the EVE-NG Web Interface:
- Open a browser and log in to the EVE-NG web UI.
- Create or Open a Lab:
- Create a new lab or open an existing one.
- Add the FTD Node:
- In the node configuration menu, locate the newly added FTD image and add it to the lab topology.
- Start the FTD Node:
- Power on the node and connect to the console to verify a successful boot.
Tips for a Smooth Setup
- Resource Allocation:
- Allocate at least 4 vCPUs and 8 GB of RAM to the FTD node for optimal performance.
- File Naming:
- Ensure the image is named
hda.qcow2to prevent any boot issues.
- Ensure the image is named
- EVE-NG Version:
- Use an updated version of EVE-NG to ensure compatibility with the latest Cisco FTD images.
Troubleshooting
- Node Not Booting:
- Double-check the file permissions and ensure the image is correctly named.
- FTD Not Listed in EVE-NG:
- Verify the directory structure and fix permissions again.
- Performance Issues:
- Increase resources (RAM, vCPUs) allocated to the FTD node.