Install a Firewall Manager Connector to Support an SEC Using Your VM Image
The Firewall Manager Connector VM is a virtual machine on which you install an SEC. The purpose of the Firewall Manager Connector is solely to support an SEC for Cisco Security Analytics and Logging (SaaS) customers.
This is the first of three steps you need to complete in order install and configure your Secure Event Connector (SEC). After this procedure, you need to complete the following procedures:
Before you begin
-
Purchase the Cisco Security and Analytics Logging, Logging and Troubleshootinglicense, you may also purchase the Logging Analytics and Detection and Total Network Analytics and Monitoring licenses to apply Secure Cloud Analytics to the events.
If you would rather, you can request a trial version of Security Analytics and Logging by logging in to Firewall Manager, and on the main navigation bar, choose and click Request Trial.
-
Firewall Manager requires strict certificate checking and does not support a Web/Content Proxy between the Firewall Manager Connector and the Internet.
-
The Firewall Manager Connector must have full outbound access to the Internet on TCP port 443.
-
Review Connect to Security Cloud Control Firewall Management using Secure Device Connector to ensure proper network access for the Firewall Manager Connector.
-
VMware ESXi host installed with vCenter web client or ESXi web client.
We do not support installation using the vSphere desktop client. -
ESXi 5.1 hypervisor.
-
Ubuntu 22.04 and Ubuntu 24.04.
-
System requirements for a VM to host only a Firewall Manager Connector and an SEC:
-
CPU: Assign 4 CPUs to accommodate the SEC.
-
Memory: Assign 8 GB of memory for the SEC.
-
Disk Space: 64 GB
-
-
Users performing this procedure should be comfortable working in a Linux environment and using the vi visual editor for editing files.
-
Gather this information before you begin the installation:
-
Static IP address you want to use for your Firewall Manager Connector.
-
Passwords for the root and Firewall Manager users that you create during the installation process.
-
The IP address of the DNS server your organization uses.
-
The gateway IP address of the network the Firewall Manager Connector address is on.
-
The FQDN or IP address of your time server.
-
-
The Firewall Manager Connector virtual machine is configured to install security patches on a regular basis and in order to do this, opening port 80 outbound is required.
-
Before you get started: Do not copy and paste the commands in this procedure into your terminal window, type them instead. Some commands include an "n-dash" and in the cut and paste process, these commands can be applied as an "m-dash" and that may cause the command to fail.
Procedure
| 1 |
Log on to Firewall Manager. |
||
| 2 |
In the Security Cloud Control platform menu, choose . |
||
| 3 |
From the left pane, . |
||
| 4 |
Click the |
||
| 5 |
Using the link provided, copy the SEC Bootstrap Data in step 2 of the "Deploy an On-Premises Secure Event Connector" window. |
||
| 6 |
Once installed, configure basic networking such as specifying the IP address for the Firewall Manager Connector, the subnet mask, and gateway. |
||
| 7 |
Configure a DNS (Domain Name Server) server. |
||
| 8 |
Configure a NTP (Network Time Protocol) server. |
||
| 9 |
Install an SSH server for easy interaction with Firewall Manager Connector's CLI. |
||
| 10 |
Install the AWS CLI package ( https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-linux.html)
|
||
| 11 |
Install the Docker CE packages ( https://docs.docker.com/install/linux/docker-ce/centos/#install-docker-ce)
|
||
| 12 |
Start the Docker service and enable it to start on boot:
|
||
| 13 |
Create two users: Firewall Manager and sdc. The Firewall Manager user will be the one you log-into to run administrative functions (so you don't need to use the root user directly), and the sdc user will be the user to run the Firewall Manager Connector docker container.
|
||
| 14 |
Configure the sdc user to use crontab:
|
||
| 15 |
Set a password for the Firewall Manager user.
|
||
| 16 |
Add the Firewall Manager user to the "wheel" group to give it administrative (sudo) privileges.
|
||
| 17 |
When Docker is installed, there is a user group created. Depending on the version of CentOS/Docker, this may be called either "docker" or "dockerroot". Check the /etc/group file to see which group was created, and then add the sdc user to this group.
|
||
| 18 |
If the
|
||
| 19 |
If you are currently using a vSphere console session, switch over to SSH and log in as the Firewall Manager user. Once logged in, change to the sdc user. When prompted for a password, enter the password for the Firewall Manager user.
|
||
| 20 |
Change directories to /usr/local/Firewall Manager. |
||
| 21 |
Create a new file called bootstrapdata and paste the bootstrap data from Step 1 of the deployment wizrd into this file. Save the file. You can use vi or nano to create the file. |
||
| 22 |
The bootstrap data comes encoded in base64. Decode it and export it to a file called extractedbootstrapdata
Run the cat command to view the decoded data. The command and decoded data should look similar to this:
|
||
| 23 |
Run the following command to export the sections of the decoded bootstrap data to environment variables.
|
||
| 24 |
Download the bootstrap bundle from Firewall Manager.
|
||
| 25 |
Extract the Firewall Manager Connector tarball, and run the bootstrap_sec_only.sh file to install the Firewall Manager Connector package.
|
icon and then click