[franciscoe]

Has anyone tried to add any of the CISCO NGFW to Netbrain? I can't find any support. We currently have the FMC (Firepower Management Console) and 4 FP4120 (Firepower). We are upgrading all of our ASA to FTDs or FP.

[NetBrainTAC]

Hi,

Currently, we don't support it and our team is working on it, I will provide the new driver to you once it's ready.

[Glenn]

Any updates on a driver for the Cisco Firepower devices?
I have two 2140's in a HA pair that need the NetBrain driver.

[rahul.chaudhary]

For FMC/FTD 2100 series.
Try with FMC --> Device--> device management --> Firewall--> SNMP V2c
Community string should be simple word i.e netbrian (Don't use any special characters).

For FTD 4100 Series
Try with firepower chassis manager (management IP) --> platform setting--> SNMP
Community string should be simple word i.e netbrian (Don't use any special characters).

[JohnSmith]

The login script for different firepowers are different.
You may modify the built-in Cisco ASA driver as a try.
If you don't know where to modify the driver, go to online help and search.

[lheavrin]

We worked with NetBrain support to get a driver for our Cisco Firepower 4110s and 9300s; however, we run transparent cluster and there's a bug where you can't SSH to a BVI on the 9300s and it wont be fixed until 6.2.3.7 release in late November. I got the 4110s working though in routed mode.

I had to tweak the login settings and just trial and error to see what worked.

[Baykahn]

I can see the configs in netbrain now but it does not interpret the ACL or fw rules properly if at all. I do a path and it treats the path like a router and says all good. Obviously we want netbrain to tell us the packets will be allowed or dropped and that does not seem to be happening.
Also noted on the ASAs, if the host belongs to a group then the group id is referenced it does seem to ignore it being in a rule. When the rules uses an ip it seems to work.

[NetBrainTAC]

Quote:

Originally Posted by Baykahn

I can see the configs in netbrain now but it does not interpret the ACL or fw rules properly if at all. I do a path and it treats the path like a router and says all good. Obviously we want netbrain to tell us the packets will be allowed or dropped and that does not seem to be happening.
Also noted on the ASAs, if the host belongs to a group then the group id is referenced it does seem to ignore it being in a rule. When the rules uses an ip it seems to work.

Hi,

May I know which version are you running now? IEv7.1 or EEv6.2?
NetBrain should be able to support the host belongs to a group, could you please find this path and send us the map file for further analysis and evaluate if we could provide a patch to support it? Please kindly send this map file to [email protected], thank you.

[sthomason]

I am having a similar. We have 5500x models and currently it now maps correctly but you only get the interface configuration from SNMP. All the connections test as successful.