Friday, November 6, 2020

Cisco Firepower 1010 System Settings and Monitoring Dashboard

I visited Jewel Changi to grab some lunch at Burger and Lobster. The Jewel has a dome-shaped facade made out of glass and steel. It has the largest indoor waterfall, called the Rain Vortex, which harvests and recirculates rainwater.



I tried the signature lobster roll, which is stuffed with chilled lobster chunks dressed in Japanese mayo and lemon on a toasted brioche bun. I ordered the set meal that comes with a salad and fries.



You'll need to tweak or optimize the FTD System Settings, starting with the updates under the Device tab > Updates > View Configuration.


Under Geolocation > click Update Now. Note the Geolocation Update might take up to 45 mins to complete (depending on the ISP speed/bandwidth).


Click See Task List.

Just let the Geolocation Update run in the background.

Under Rule > Update Now > click Yes to deploy the updated Rule database.

Under VDB (Vulnerability Database) > Update Now > click Yes to deploy the updated VDB.

Under Security Intelligence Feeds > click Update Now.

You can also view all tasks in the Task List by clicking the check mark icon on top.


Note that you can only perform a minor patch or upgrade (REL.tar file) using System Upgrade.


Note the Status column shows that each update was successfully downloaded and immediately executed.

Refresh the web browser and note the Geolocation and Rule Updates were updated to 2020-09-09.

Notice the orange/amber dot in Deployment (top). Click Deployment to view pending deployments or changes.


Notice the Rule Update is still running.


You can also customize the frequency and the specific time to perform the update by clicking Configure under each update.

It's important to configure the NTP server and time zone in order to have a synchronized date/time.

Go back to Device (top) > Backup and Restore > click View Configuration.

You can perform either a manual or a scheduled backup. To perform a quick FTD backup, go to Manual Backup > click Back Up Now.

Type a Name: ftd-6-5-14Sept2020 > click Back Up Now.

Click See Task List.


The Manual Backup took around 5 minutes to complete.

Go to Device > Troubleshoot > click Request File To Be Created.

This will generate a .tar.gz file which is provided to Cisco TAC for their analysis and troubleshooting purposes (similar to the show tech-support command).

Click See Task List.


The Troubleshoot file took around 7 mins to complete.

Click download (blue icon) to download the Troubleshoot file (a 49 MB file).
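Before a troubleshoot bundle leaves your network it is worth recording its hash and reviewing what it contains without extracting it onto a workstation. The following is an added Python example (not part of the original post and not Cisco's tooling): it constructs a small stand-in .tar.gz whose member names are invented for illustration and do not reflect the real FTD bundle layout, computes the archive's SHA-256, lists the members, and flags entries that would escape the extraction directory (absolute paths, ".." components, links).

```python
import hashlib
import io
import tarfile
from pathlib import PurePosixPath


def build_sample_bundle() -> bytes:
    """Constructed stand-in for an FTD troubleshoot .tar.gz.

    The member names and contents are invented for this example; a real
    bundle is the file downloaded from Device > Troubleshoot in FDM.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in [
            ("troubleshoot/var-log/messages", b"Sep 14 10:37:14 firepower ...\n"),
            ("troubleshoot/show_version.txt", b"Cisco Firepower 1010 Threat Defense\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    """Hash to record alongside the TAC case so the upload can be verified."""
    return hashlib.sha256(data).hexdigest()


def is_unsafe_member(name: str) -> bool:
    """Flag absolute paths and parent-directory escapes (tar path traversal)."""
    p = PurePosixPath(name)
    return p.is_absolute() or ".." in p.parts


def inspect_bundle(data: bytes) -> dict:
    """Summarize the archive contents without writing anything to disk."""
    members = []
    unsafe = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar:
            members.append((m.name, m.size))
            # Symlinks and hardlinks are also flagged: they can point outside
            # the extraction directory on systems that follow them.
            if is_unsafe_member(m.name) or m.issym() or m.islnk():
                unsafe.append(m.name)
    return {
        "sha256": sha256_hex(data),
        "member_count": len(members),
        "total_bytes": sum(size for _, size in members),
        "members": members,
        "unsafe_members": unsafe,
    }


if __name__ == "__main__":
    report = inspect_bundle(build_sample_bundle())
    print("sha256:", report["sha256"])
    for name, size in report["members"]:
        print(f"{size:8d}  {name}")
    if report["unsafe_members"]:
        print("unsafe entries:", report["unsafe_members"])
```

To use this on a real download, replace build_sample_bundle() with the bytes of the .tar.gz file and keep the printed SHA-256 with your case notes; the unsafe_members list should normally be empty for a vendor-generated bundle.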



Go back to Device > System Settings > Management Access.

Go to Management Access > Management Interface tab.

This is where you can lock down which specific IP addresses or subnets are allowed to access the FTD Management IP address.



I initially tried to SSH to 192.168.1.1 (the FTD Gateway IP address) but wasn't successful.

Under Actions column > click Edit (blue pencil icon on the right most column).

Under Protocols > add SSH > click OK.

Notice the Deployment turned orange/amber (top).

Click Deploy Now.


Click OK to exit (or click x).


I tried to SSH again to 192.168.1.1 and got a prompt to accept the SSH key. Click Yes to Continue.
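The "accept the SSH key" prompt is the one chance to confirm you are talking to the firewall and not to something in between, so the key's fingerprint should be compared with one recorded out of band (for example from the device console) rather than accepted blindly. The following is an added Python example, not part of the original post and not Cisco's code: it builds a constructed ssh-ed25519 public key (arbitrary bytes, not any real device's key), computes the SHA256 fingerprint OpenSSH displays by default plus the legacy MD5 form, checks that the key type inside the blob matches the declared type, and compares the result with an expected fingerprint.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf: bytes, offset: int):
    """Read one length-prefixed string; returns (value, next_offset)."""
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start = offset + 4
    return buf[start:start + length], start + length


def build_ed25519_pubkey_line(raw_key: bytes, comment: str = "ftd-mgmt") -> str:
    """Build an OpenSSH 'ssh-ed25519 AAAA... comment' line from a 32-byte key.

    Used here only to construct a sample key; a real key is what the SSH
    client presents when you first connect to the management address.
    """
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprints(pubkey_line: str) -> dict:
    """Return the SHA256 and MD5 fingerprints of an OpenSSH public key line.

    The SHA256 form is base64 without padding, as OpenSSH prints it; the MD5
    form is colon-separated lowercase hex. The key type declared in the first
    field must match the type encoded inside the blob.
    """
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    encoded_type, _ = _read_ssh_string(blob, 0)
    if encoded_type.decode() != declared_type:
        raise ValueError("key type in blob does not match declared type")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "type": declared_type,
        "sha256": f"SHA256:{sha}",
        "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def host_key_matches(pubkey_line: str, expected_fingerprint: str) -> bool:
    """Compare a presented key against a fingerprint recorded out of band.

    Accepts either form; base64 comparison is case-sensitive, hex is not.
    """
    fps = fingerprints(pubkey_line)
    if expected_fingerprint.startswith("SHA256:"):
        return fps["sha256"] == expected_fingerprint
    if expected_fingerprint.startswith("MD5:"):
        return fps["md5"].lower() == expected_fingerprint.lower()
    raise ValueError("expected fingerprint must start with SHA256: or MD5:")


# Constructed sample key (32 arbitrary bytes); not the key of any real device.
SAMPLE_KEY_LINE = build_ed25519_pubkey_line(bytes(range(32)))

if __name__ == "__main__":
    for kind, value in fingerprints(SAMPLE_KEY_LINE).items():
        print(f"{kind}: {value}")
```

In practice you would paste the line from the client's known_hosts file (or the key shown by ssh-keyscan against the management address) into fingerprints() and compare the result with the value obtained from the console; a mismatch on a re-connect means the key changed, which should be explained (reimage, key regeneration) before the new key is accepted.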


Go to Device > System Settings > Management Access > Logging Settings.

Enable Internal Buffer (click the toggle icon) > under Severity level for filtering all events > select Information (Syslog Level 6).

Under Buffer Size > type 4096 (in KB) > click Save (bottom).
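Selecting Information (level 6) as the filter keeps every message at that level or more severe (levels 0 through 6) and drops only debugging (level 7) messages. The following is an added Python example, not part of the original post and not Cisco's code, that applies the same rule to a few constructed FTD-style syslog lines (the %FTD-<severity>-<message id> prefix is the real format; the sample lines themselves are made up for this example) and estimates how many messages a 4096 KB internal buffer holds before it wraps.

```python
import re
from typing import Iterable, Iterator, Optional

# Syslog severity levels as used in the %FTD-<severity>-<id> message prefix.
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# Matches "%FTD-6-302013: text" (the %ASA- prefix uses the same layout).
_MSG_RE = re.compile(r"%(?:FTD|ASA)-(?P<sev>[0-7])-(?P<id>\d{6}):\s*(?P<text>.*)")

# Constructed sample lines for this example; not captured from a real device.
SAMPLE_LOG = [
    '%FTD-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.5/51000 to inside:192.168.1.20/443',
    '%FTD-7-609001: Built local-host inside:192.168.1.20',
    '%FTD-4-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:192.168.1.20/22 by access-group "outside_in"',
    '%FTD-6-605005: Login permitted from 192.168.1.100/52222 to inside:192.168.1.1/ssh for user "admin"',
    "not a syslog line",
]


def parse_message(line: str) -> Optional[dict]:
    """Return severity, message ID and text for one FTD syslog line, or None."""
    m = _MSG_RE.search(line)
    if not m:
        return None
    sev = int(m.group("sev"))
    return {
        "severity": sev,
        "severity_name": SEVERITY_NAMES[sev],
        "id": m.group("id"),
        "text": m.group("text"),
    }


def filter_by_level(lines: Iterable[str], max_severity: int = 6) -> Iterator[dict]:
    """Keep messages at the selected level or more severe (numerically lower).

    max_severity=6 mirrors the FDM setting "Information (Syslog Level 6)":
    levels 0..6 pass, debugging (7) is dropped. Unparseable lines are skipped.
    """
    for line in lines:
        msg = parse_message(line)
        if msg is not None and msg["severity"] <= max_severity:
            yield msg


def buffer_capacity(buffer_kb: int, avg_msg_bytes: int) -> int:
    """Rough number of messages the internal buffer holds before it wraps."""
    return (buffer_kb * 1024) // avg_msg_bytes


if __name__ == "__main__":
    for msg in filter_by_level(SAMPLE_LOG, 6):
        print(f'{msg["severity"]} {msg["severity_name"]:<14} {msg["id"]} {msg["text"]}')
    print("approx. messages in a 4096 KB buffer at 200 bytes each:",
          buffer_capacity(4096, 200))
```

The capacity estimate is the reason to keep the level at 6 rather than 7 on a busy box: debugging messages are high volume and would cycle a 4 MB buffer quickly, pushing out the connection and login events you actually want to keep for a quick look via show logging.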


Go to DHCP Server > click Delete for the default DHCP Server for the inside interface.

Click OK.

Go to the Configuration tab to view the DHCP configuration for the outside interface (and other interfaces).

This is similar to the ASA ip address dhcp setroute command.

Go to DNS Server.

These are the DNS servers (Cisco OpenDNS/Umbrella) created during the initial setup and used by the Management interface to reach the Cisco cloud for Smart Licensing and to fetch updates.

Go to Management Interface. Notice that Use the Data Interfaces as the Gateway is selected (the default), since Management1/1 is connected to Ethernet1/2 and can reach the Internet via the outside interface.



Change the Management IP address to 192.168.1.45/24 > under Enable DHCP Server > click to disable (toggle the blue switch).


Click Save > OK.


You'll temporarily lose FDM access.



Just refresh the web browser and re-login to FDM using the Gateway IP 192.168.1.1.

Go to Hostname to change the device hostname.

Go to NTP to change NTP servers (default is Cisco Sourcefire public NTP servers).

Go to Cloud Services. This is where you can enable or allow the FTD device for Cisco Defense Orchestrator (CDO), Cisco Success Network, Web Analytics and Send Events to the Cisco Cloud.

I disabled Web Analytics by clicking Disable.


In FTD 6.4 and earlier, there's no option to shut down or reboot via FDM; you can only do so via the CLI. See the 6.4 Device dashboard below.

In FTD 6.5 and above, there's an option to perform a graceful shutdown or reboot via FDM under the Reboot/Shutdown option.


Below is the message when you shut down the FTD appliance.

Broadcast message from root@firepower (Mon Sep 14 10:37:14 2020):

Threat Defense System: CMD=-stop, CSP-ID=cisco-ftd.6.5.0.115__ftd_001_JMX2324G1THX8U79N1, FLAG=''

Cisco FTD stopping ...

 

Stopping Cisco Firepower 1010 Threat Defense......ok

Skipping sfifd for this platform...

Stopping nscd...                                                      [  OK  ]

Turning off swapfile /ngfw/Volume/.swaptwo

Stopping system log daemon...                                         [  OK  ]

Stopping Threat Defense ...                                           [  OK  ]

Cisco FTD stopped successfully.

Stopping OpenBSD Secure Shell server: sshd

stopped /usr/sbin/sshd (pid 12227)

done.

Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 1944)

acpid.

Stopping system message bus: dbus.

stopping mountd: done

stopping nfsd: done

Stopping ntpd: stopped process in pidfile '/var/run/ntp.pid' (pid 12596)

done

Stopping random number generator daemon.

Stopping internet superserver: xinetd.

stopping statd: done

no /etc/sysconfig/kdump.conf

Stopping rpcbind daemon...

acpid: exiting

not running.

Stopping network management services: snmpd snmptrapd.

Stopping fan control daemon: fancontrol... no process in pidfile '/var/run/fancontrol.pid' found; none killed

done.

Stopping sensors logging daemon: sensord... stopped /usr/sbin/sensord (pid 3832)

done.

Deconfiguring network interfaces... done.

ip6tables: Setting chains to policy ACCEPT: mangle filter [  OK  ]

ip6tables: Flushing firewall rules: [  OK  ]

ip6tables: Unloading modules: [  OK  ]

iptables: Setting chains to policy ACCEPT: mangle filter raw [  OK  ]

iptables: Flushing firewall rules: [  OK  ]

iptables: Unloading modules: [  OK  ]

Mon Sep 14 10:37:28 UTC 2020

SSP-Security-Module is shutting down ...

Mon Sep 14 10:37:28 UTC 2020 SHUTDOWN WARNING: Beginning System Shutdown request for CSP Apps

Mon Sep 14 10:37:28 UTC 2020 SHUTDOWN WARNING: Continue System Shutdown request for CSP Apps

Mon Sep 14 10:37:29 UTC 2020

FPR-1xxx platform rebooting ...

Note: SIGKILL_ALL will be triggered after after 1 + 2 secs ...

Mon Sep 14 10:37:31 UTC 2020

Sending ALL processes the KILL signal ...

Mon Sep 14 10:37:32 UTC 2020

Before reset - ALLEYCAT bit is 0

During reset - ALLEYCAT bit is 1

After reset - ALLEYCAT bit is 0

Successfully reset the switch

Deactivating swap...

Unmounting local filesystems...

grep: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory

 

System is stopped.

It is safe to power off now.

 

Do you want to reboot instead? [y/N]

 

Below is the message when you perform a reboot.

You can check the category of a specific URL under Traffic Settings > URL Filtering Preferences.


The URL License is currently disabled.


Go to Device > Smart License > View Configuration to enable the FTD Smart Licenses.

Click Enable under URL License.



Go back to URL Filtering Preferences > under URL to Check > type: www.poker.com > click Go (it automatically opens a new web browser window).



Notice the Content Category is Gambling.

Click Deployment > Deploy Now to save changes.



Go to the Monitoring tab (top) > System. This is where you can find the Firepower model/platform, software version, VDB and Rule Update versions, average throughput, etc.