Integrating Cisco FMC into EVE-NG empowers you to test and deploy Cisco security solutions in a controlled environment. By following this guide, you can set up FMC in EVE-NG and explore its capabilities for managing and securing networks effectively.
EVE-NG (Emulated Virtual Environment Next Generation) is a versatile platform for building and testing virtualized network environments. Cisco Firepower Management Center (FMC) is an essential tool for managing Cisco Firepower Threat Defense (FTD) devices. Adding the FMC image to EVE-NG enables you to build comprehensive labs for security testing and learning.
This blog provides a step-by-step guide to integrating Cisco FMC into your EVE-NG environment.
Table of contents
- Prerequisites
- Obtain the Cisco FMC QCOW2 Image
- Prepare the EVE-ng environment
- Upload the Image to EVE-NG
- Rename and Fix Permissions
- Verify Image Integration
- Initial Configuration
- TIPS and Best Practices
- Troubleshooting
Prerequisites
- EVE-NG Installed: Ensure you have EVE-NG Professional or Community edition installed and running.
- Cisco FMC Image: Download the FMC QCOW2 image from Cisco’s official website. (Ensure you have the appropriate licensing and agreement.)
- Access to EVE-NG CLI: SSH access to the EVE-NG server.
- File Transfer Tool: Tools like WinSCP or FileZilla to transfer files to the EVE-NG server.
- Basic Linux Knowledge: Familiarity with Linux commands is helpful.
Step 1: Obtain the Cisco FMC QCOW2 Image
- Download the Image:
- Log in to Cisco Software Central.
- Search for the Cisco FMC image and download the QCOW2 version compatible with your environment.
- Verify the Image:
- Ensure the file is not corrupted and matches the checksum provided by Cisco.
Step 2: Prepare the EVE-NG Environment
1. Access EVE-NG CLI: Use an SSH client (e.g., PuTTY) to connect to your EVE-NG server.
2. Navigate to the Image Directory:
cd /opt/unetlab/addons/qemu
3. Create a Directory for FMC:
mkdir -p fmc-x.x.x
Step 3: Upload the Image to EVE-NG
Transfer the QCOW2 File:
Use WinSCP or FileZilla to upload the FMC QCOW2 file to the /opt/unetlab/addons/qemu/fmc-x.x.x
directory.
Verify the Upload:
ls -l /opt/unetlab/addons/qemu/fmc-x.x.x
Step 4: Rename and Fix Permissions
1. Rename the QCOW2 File: The FMC image must be named hda.qcow2 for EVE-NG to recognize it.
mv <original-filename>.qcow2 hda.qcow2
2. Fix Permissions:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Step 5: Verify Image Integration
- Login to EVE-NG Web Interface:
- Open a browser and navigate to the EVE-NG web UI.
- Login with your credentials.
- Create a New Lab:
- Create a lab or open an existing one.
- Add FMC to the Lab:
- In the node configuration window, look for the FMC image.
- Add the FMC node to your lab.
- Start the Node:
- Power on the FMC node and confirm it boots successfully.
Step 6: Initial Configuration
- Access the FMC Console:
- Connect to the FMC node console using the EVE-NG web interface.
- Configure Network Settings:
- Assign an IP address and other required settings for management access.
- Log In to FMC:
- Open a browser and access the FMC GUI using the assigned IP.
Tips and Best Practices
- Resource Allocation: FMC requires significant CPU and RAM. Allocate at least 4 vCPUs and 8 GB RAM.
- Licensing: Ensure you have the correct licenses for your FMC and associated devices.
- Backup Configuration: After configuring the FMC, take a snapshot of your lab to save the state.
Troubleshooting
- Boot Issues:
- Verify the image file integrity and ensure it is named
hda.qcow2
. - Check the EVE-NG version for compatibility with the FMC version.
- Verify the image file integrity and ensure it is named
- Node Not Appearing:
- Confirm permissions using the
fixpermissions
command. - Ensure the directory and image naming conventions are correct.
- Confirm permissions using the