In addition to the Marketplace-based deployment, Cisco provides a compressed virtual hard disk (VHD) that you can upload to Azure to simplify the process of deploying the Firepower Management Center Virtual in Azure.
Using an image and two JSON files (a template file and a parameter file), you can deploy and provision all the resources for the Firepower Management Center Virtual in a single, coordinated operation.
To deploy using a VHD image, you must upload the VHD image to your Azure storage account. Then, you can create an image using the uploaded disk image and an Azure Resource Manager template.
Azure templates are JSON files that contain resource descriptions and parameter definitions.
Refer to the NGFWv/FTDv deployment procedure; this FMCv deployment is very similar to it.
Azure NGFWv quick start guide

- Download the Firepower Management Center Virtual VHD image from the Cisco Software Download page.
  e.g. 6.6.0-90 NGFWv image can be downloaded from:
  URL: https://software.cisco.com/download/home/286259687/type/286271056/release/6.6.0
  File: [ Firepower Management Center Virtual v6.6.0 on Azure ] Cisco_Firepower_Mgmt_Center_Virtual-6.6.0-90.vhd.bz2
- Create a Linux VM in Azure, uncompress the *.bz2 file and upload the VHD image to a container in an Azure storage account.
- Create an image from the VHD and acquire the Resource ID of the newly created image.
- Use the ARM template to deploy a Firepower Management Center Virtual using the image.
- Update the parameters in the parameters template file (JSON) and use it to provide the parameters to the ARM template.
- Review and purchase the template to deploy Firepower Management Center Virtual.
- Configure the FMCv/Firepower Management Center Virtual.

- Image ID (created using the downloaded vhd)
- Virtual network with at least 1 subnet for management interface.

- vmName: The name the Firepower Management Center Virtual VM will have in Azure.
  e.g. cisco-fmcv
- vmImageId: The ID of the image used for deployment. Internally, Azure associates every resource with a Resource ID.
  e.g. /subscriptions/f160cf7e-ae69-4e9f-8ad0-b434b9a63755/resourceGroups/blr-virtual-images-rg/providers/Microsoft.Compute/images/cisco-fmcv-640102
- adminUsername: The username for logging into Firepower Management Center Virtual. This cannot be the reserved name "admin".
  e.g. jdoe
- adminPassword: The admin password. This must be 12 to 72 characters long, and include three of the following: 1 lower case, 1 upper case, 1 number, 1 special character.
  e.g. Password@123123
- customData: The field to provide Day 0 configuration to the FMCv. By default it has 2 key-value pairs to configure 'admin' user password and the FMCv hostname.
  e.g. {"AdminPassword": "FmcvPass@123123", "Hostname": "cisco-fmcv", "ntp1": "", "ntp2": "" }
- vmStorageAccount: Your Azure storage account. You can use an existing storage account or create a new one. The storage account name must be between 3 and 24 characters, and can only contain lowercase letters and numbers.
  e.g. testfmcvstorage
- virtualNetworkResourceGroup: The name of the virtual network's Resource Group. The Firepower Management Center Virtual is always deployed into a new Resource Group.
  e.g. test-fmcv-rg
- virtualNetworkName: The name of the virtual network.
  e.g. test-fmcv-vnet
- mgmtSubnetName: The management interface will attach to this subnet. This maps to Nic0, the first subnet. Note, this must match an existing subnet name if joining an existing network.
  e.g. mgmt
- mgmtSubnetIP: The Management interface IP address.
  e.g. 10.4.0.15
- vmSize: The VM size to use for the Firepower Management Center Virtual VM. Standard_D4_V2 & Standard_D4 are supported.
  e.g. Standard_D4_V2
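
The constraints stated for these parameters can be checked before the template is submitted; the Python below is an added example, not part of the Cisco project. It assumes the standard ARM parameters-file layout (`parameters.<name>.value`) and that customData is a JSON string or object; the function names are hypothetical. It also reports the sample passwords shown above if they were left in place.

```python
import ipaddress
import json
import re

SUPPORTED_SIZES = {"Standard_D4_V2", "Standard_D4"}   # sizes this page lists
DOC_SAMPLES = {"Password@123123", "FmcvPass@123123"}  # sample passwords from this page
IMAGE_ID = re.compile(r"^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+"
                      r"/providers/Microsoft\.Compute/images/[^/]+$", re.I)

def password_ok(pw):
    """12 to 72 characters and at least three of the four character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return 12 <= len(pw) <= 72 and sum(bool(re.search(c, pw)) for c in classes) >= 3

def check_parameters(doc):
    """Return the problems found in a parsed ARM parameters file (a dict)."""
    p = {k: v.get("value") for k, v in doc.get("parameters", {}).items()}
    def text(key):
        return str(p.get(key) or "")
    problems = []
    if text("adminUsername").lower() in ("", "admin"):
        problems.append("adminUsername: missing or the reserved name 'admin'")
    if not password_ok(text("adminPassword")):
        problems.append("adminPassword: needs 12-72 chars and 3 of 4 character classes")
    if not IMAGE_ID.match(text("vmImageId")):
        problems.append("vmImageId: not a Microsoft.Compute/images resource ID")
    if not re.fullmatch(r"[a-z0-9]{3,24}", text("vmStorageAccount")):
        problems.append("vmStorageAccount: 3-24 lowercase letters and digits only")
    if p.get("vmSize") not in SUPPORTED_SIZES:
        problems.append("vmSize: not one of " + ", ".join(sorted(SUPPORTED_SIZES)))
    try:
        ipaddress.ip_address(text("mgmtSubnetIP"))
    except ValueError:
        problems.append("mgmtSubnetIP: not a valid IP address")
    # Assumption: customData is a JSON string or an already-parsed object.
    day0 = p.get("customData")
    try:
        day0 = json.loads(day0) if isinstance(day0, str) else day0
    except ValueError:
        day0 = None
    day0 = day0 if isinstance(day0, dict) else {}
    if not {"AdminPassword", "Hostname"} <= day0.keys():
        problems.append("customData: must be JSON with AdminPassword and Hostname")
    if {p.get("adminPassword"), day0.get("AdminPassword")} & DOC_SAMPLES:
        problems.append("password: documentation sample value still in use")
    return problems

if __name__ == "__main__":  # constructed input, not a real deployment
    print(check_parameters({"parameters": {"adminUsername": {"value": "admin"}}}))
```

An empty list means every stated constraint is met. The check covers only the rules written on this page, not everything Azure validates at deployment time.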
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.
Copyright (c) 2020 Cisco Systems Inc and/or its affiliates.