Cisco Firepower 6
Cisco Firepower 6
Cisco Firepower 6
Cisco dCloud
Requirements
Topology
Get Started
POV Process
Training
Deployment
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 39
Lab Guide
Cisco dCloud
What’s Next?
Requirements
The table below outlines the requirements for this preconfigured demonstration.
Required Optional
Topology
This content includes preconfigured users and components to illustrate the scripted scenarios and features of the solution.
Most components are fully configurable with predefined administrative user accounts. You can see the IP address and user
account credentials to use to access a component by clicking the component icon in the Topology menu of your active
session and in the scenario steps that require their use.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 39
Lab Guide
Cisco dCloud
IMPORTANT: There are two options to log in to FMC. The first option is to use the username dcloud, while the second option is
to use a username of your CEC. In both cases, the password will be set to your unique dCloud session ID, which you can find in
your dCloud session details.
Get Started
Follow the steps to schedule a session of the content and configure your presentation environment.
1. Initiate your dCloud session. [Show Me How]
2. For best performance, connect to the Jumper with Cisco AnyConnect VPN [Show Me How] and the local RDP client
on your laptop. [Show Me How]
NOTE: You can also connect to Jumper using the Cisco dCloud Remote Desktop client, though many users experience
connection and performance issues with this method. [Show Me How]
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 39
Lab Guide
Cisco dCloud
POV Process
A POV is a customer engagement that demonstrates unique business value during an on-site engagement. The POV
process requires proper scoping to identify customer win criteria. Win criteria are used to focus the onsite engagements on
the solution elements that are most important to a particular customer. Appendix A includes scoping questions to help
establish win criteria for FTD POVs.
Most partner-executed POVs will be tactical leveraging FTD and dCloud hosted Firepower Management Centers (FMCs).
All customer configurations should be implemented prior to arriving on site based on predefined customer evaluation data
including network, management, span port, and power. A worksheet to collect this information is available in Appendix B.
The following sections cover system installation and configuration steps for a partner executed POV. All items must be
completed together for the system to work properly during the customer engagement. After the POV, complete the POV
Outcome worksheet in Appendix C to help to track POV information and gather data for effective POV decision-making
and increased win rates. Follow the instructions below carefully and submit any feedback to asa-
[email protected].
Training
Cisco offers the Fire Jumper program that develops partner pre-sales security SEs to lead customer engagements from
sizing, scoping, and design through demonstration and proof-of-value. Prior to delivering a customer FTD POV, we
recommend that partners achieve Stage 4 of the Fire Jumper program for the NGFW & NGIPS competency area. Program
and training information is through the following Security Partner Community posts.
• Fire Jumper Program:
https://communities.cisco.com/docs/DOC-55046
• Network Security Competency Area
https://communities.cisco.com/docs/DOC-57815
Deployment
The majority of tactical POVs will leverage Cisco ASAs running FTD. To minimize risk or disruption to the customer
environment while providing the most value, passive deployments are recommended. You can accomplish this by
configuring a span port on a Cisco switch in the customer environment and configuring a passive interface on the FTD.
There are multiple options to send traffic to the FTD. The best deployment gives visibility of both internet facing and
internal segments. For tactical POVs, we recommend configuring multiple SPAN ports on customer switches to capture
internet and internal traffic. Please refer to the SPAN configuration examples here that match your customer’s switch
type: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500series-switches/10570-41.html.
For tactical POVs, we recommend that partners leverage the Cisco Firepower Management Center Proof of Value available at
https://dcloud.cisco.com. When using dCloud, installation options for dCloud include Endpoint Router and FTD or Standalone
FTD. This guide will present the standalone FTD option.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 39
Lab Guide
Cisco dCloud
This demo addresses two specific different use cases. In a POV use case, it is expected that you will connect a Firepower device
located on premise at the customer POV site back to the dCloud hosted FMC in this demo over the internet. For POV training
purposes, this demo content also includes a virtual FTD appliance connected to a promiscuous vSwitch, and a traffic generator
that can be used to simulate a customer environment.
You can use this dCloud demo content as part of your customer POV to connect an on-premise device to the dCloud hosted
FMC in this demo. Alternatively, you can use the dCloud hosted FTD in the demo to connect to FMC for a training use case.
When you connect the dCloud hosted FTD to the FMC, the traffic generator will send a variety of traffic that the FTD will see on
its gi0/2 interface when properly configured in passive mode.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 39
Lab Guide
Cisco dCloud
If you are unable to access any software due to entitlement, engage with your Cisco alliance manager to associate your
CCO account with your company to grant partner-level CCO access. If you are still unable to access the software, follow
the process at this link to request access from partner help through the special file publish process:
https://communities.cisco.com/docs/DOC-55301. Use of Firepower Threat Defense software on the device is strongly
encouraged. For additional information on migration paths and upgrade dependencies, please refer to the following
link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa95/upgrade/upgrade95.html .
Steps
NOTE: Instructions for downloading required software for an ASA 5515-X and POV preparation can also be used for other ASA
models as needed.
1. To download the FTD software, go to http://software.cisco.com/download/navigator.html.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 39
Lab Guide
Cisco dCloud
4. Select the following options and download the versions listed below or later.
• Firepower Threat Defense for ASA 55XX series v6.4 (ftd-6.4.0-102.pkg)
• Firepower Threat Defense v6.4 boot image for ASA 5512/5515/5525/5545/5555 devices (ftd-boot-9.12.1.6.cdisk)
NOTE: The ASA5585-X platforms will not support the FTD software.
Installation
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 39
Lab Guide
Cisco dCloud
Name: "Storage Device 1", DESCR: "Unigen 128 GB SSD MLC, Model Number: Micron_M550_MTFDDAK123MAY" PID: N/A , VID: N/A ,
SN: 12345678900
NOTE: The Example ASA5506-X has an Fw Version of 1.1.1 that needs to be upgraded.
If the Fw Version of your ASA 5506-X series, ASA 5508-X, or ASA 5516-X is not 1.1.1 or greater, follow the steps below to
upgrade the ROMMON. The example that follows is for the ASA5506-X, but the same firmware also works for ASA5508-X
and ASA5516-X platforms.
2. To download the ROMMON software, go to http://software.cisco.com/download/navigator.html . This will present the
Downloads Home > Products pane. Continue to navigate to Downloads Home > Products > Security > Firewalls >
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 39
Lab Guide
Cisco dCloud
Next-Generation Firewall (NGFW) > ASA 5500-X with FirePOWER Services > ASA 5506-X with FirePOWER Services >
ASA Rommon Software.
Figure 4. Download Software
3. Select the following options and download the versions listed below or later.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 39
Lab Guide
Cisco dCloud
4. To upgrade the ASA ROMMON, connect to the ASA and escalate to configuration mode. Configure the
management1/1 interface with an IP address with connectivity to a TFTP server that can source the required
ROMMON software. Use the ping command to confirm connectivity.
ciscoasa# config t ciscoasa (config)# interface management1/1 ciscoasa
(config)# ip address 10.10.200.3 255.255.255.0 ciscoasa (config)# ping
10.10.200.2
5. Copy the ROMMON image to ASA flash memory with the copy command. Upgrade the ROMMON image with the
upgrade rommon command. Save the configuration and confirm for the ASA to upgrade the ROMMON image and
reload when complete.
ciscoasa (config)# copy tftp://10.10.200.2:/asa5500-firmware-1112.SPA disk0:asa5500-firmware-1112.SPA Address or name of remote host
[10.10.200.2]? Source filename [asa5500-firmware-1112.SPA]?
Destination filename [asa5500-firmware-1112.SPA]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[…]
!!!!!!!!!!!!!!!!!!!
9241408 bytes copied in 11.218 secs (9241408 bytes/sec) ciscoasa (config)# upgrade rommon
disk0:asa5500-firmware-1112.SPA
Computed Hash SHA2: 0809c2851ead97a1a327bfceb3f04ed6
[…]
Verification successful.
System config has been modified. Save? [Y]es/[N]o: Y
Cyrptochecksum: c0048ee4 bca79091 de890268 d5f5010b
6. After system reload, access the command line and enter the show module command. Note the Fw Version in the
output for Mod 1 in the MAC Address Table. This should match the ROMMON version loaded 1.1.12 or greater.
ciscoasa# show module
Name: "Chassis", DESCR: "ASA 5506-X with SW, 6 GE Data, 1 GE Mgmt, AC"
[…]
Mod MAC Address Range Hw Version Fw Version Sw Version ---- -------------------------- ---------- ------
---- ----------1 7426.aceb.ccea to 7426.aceb.ccf2 1.0 1.1.12 9.9(1) sfr 7426.aceb.cce9 to 7426.aceb.cce9
N/A N/A
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 39
Lab Guide
Cisco dCloud
4. Press Esc during startup when prompted to reach the ROMMON prompt. If you see the Launching BootLoader…
message, then you have waited too long and must reload the ASA again after it finishes booting.
ciscoasa# reload
System config has been modified. Save? [Y]es/[N]o: N Proceed with reload?
[confirm] ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
[…]
*** --- SHUTDOWN NOW ---
Process shutdown finished Rebooting
[…]
Booting from ROMMON
[…]
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Management0/0
Link is DOWN
MAC Address: a0ec.f938.fdac
5. From ROMMON, configure the Management IP address, Default Gateway, TFTP server, and TFTP path, and file
name.
• ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X o Use interface
• ASA 5506-X Series, 5508-X, and 5516-X o Use interface management 1/1
by default and do not require the interface command o Boot image file
extension is .lfbff
NOTE: These use the set command to verify settings and the sync command
to save the configuration for later use. Commands may vary by ROMMON
version, so adjust as required.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 11 of 39
Lab Guide
Cisco dCloud
6. Use the ping command to confirm connectivity to the TFTP server. Then, enter tftpdnld to load the boot image. The
image can take a number of minutes to download so please be patient. You can monitor the download status in most
TFTP server software.
rommon #6> ping 10.10.200.2
Sending 20, 100-byte ICMP Echoes to 10.10.200.2, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20) rommon #7>
tftpdnld ROMMON Variable Settings:
ADDRESS=10.10.200.2 SERVER=10.10.200.3
GATEWAY=10.10.200.2
PORT=Management0/0
VLAN=untagged
IMAGE=ftd-boot-9.12.1.6.cdisk
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp [email protected] via 10.10.200.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[…]
Received 101173248 bytes
[…]
Launching TFTP Image...
[…] ciscoasa-boot>
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 12 of 39
Lab Guide
Cisco dCloud
7. Type setup and configure network settings for the Management interface to establish temporary connectivity to the
HTTP or FTP server so that you can download and install the system software.
ciscoasa-boot> setup Welcome to Cisco
FTD Setup
[hit Ctrl-C to abort]
Default values are inside []
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 13 of 39
Lab Guide
Cisco dCloud
8. Type system install, followed by the path to the FTD system software. HTTP and FTP are supported. The example
below shows an FTP installation. When installation is complete, enter y to continue with the upgrade. When
prompted, press Enter to reboot the system. The initial reboot after installing FTD on an ASA make take 30 minutes
or longer.
ciscoasa-boot>system install ftp://10.10.200.2/ftd-6.4.0-102.pkg
######################## WARNING ############################
# The content of disk0: will be erased during installation! #
##########################################################
###
Do you want to continue? [y/N]: Y Erasing disk0 ...
Verifying
Reboot is required to complete the upgrade. Press 'Enter' to reboot the system.
NOTE: See the Reimage the Cisco ASA or Firepower Threat Defense Device document for additional details:
http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 14 of 39
Lab Guide
Cisco dCloud
4. If you need to adjust the management IP after completing the bootstrapping wizard, enter the configure
network command from the CLI. You can verify the configuration with the show network command.
configure network ipv4 manual X.X.X.X X.X.X.X X.X.X.X
show network
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 15 of 39
Lab Guide
Cisco dCloud
Steps
1. To schedule a dCloud POV, browse to http://dcloud.cisco.com and login with your CCO credentials. If prompted,
select the region closest to you to set your default data center.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 16 of 39
Lab Guide
Cisco dCloud
2. Select Catalog from the toolbar and search for Firepower POV. Find the appropriate catalog item and click Schedule
to setup the dCloud POV Session. Image below may not match exactly but may be a later version.
Figure 7. Catalog
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 17 of 39
Lab Guide
Cisco dCloud
3. Enter the POV timeframe and click Next. Note that dcloud POVs are limited to 5-days by default. Extensions of up to 30
days are available by contacting support. Extensions beyond 30-days are handled on a case-by-case basis and require
additional customer opportunity information. Risk Reports are based on five days of customer traffic. Additional time
should only be used when required to troubleshoot receiving network traffic or other items.
Figure 8. Schedule your Session
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 18 of 39
Lab Guide
Cisco dCloud
4. Enter Customer Pilot/POC for Primary Use, select the Revenue Impact, and provide relevant customer and partner
information. When finished, click Schedule.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 19 of 39
Lab Guide
Cisco dCloud
NOTE: If you are using the environment for use-case 2 (Training), please remember to register the virtual FTD with the
internal IP address of the FMC in the dCloud pod - 198.18.133.10 and not the Public IP address detailed below in the steps.
1. Access dCloud and select Dashboard, which will reflect the current scheduled sessions. Select View for the Cisco
Firepower Proof of Value.
Figure 10. Dashboard > My Sessions
2. Select Details and note the Public Address for the FMC.
Figure 11. Public Address
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 20 of 39
Lab Guide
Cisco dCloud
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 21 of 39
Lab Guide
Cisco dCloud
3. If you are utilizing the dCloud hosted FTD for POV training, connect to the Jumper, then log in to the dCloud hosted FTD
CLI using PuTTY from the jumper desktop and complete the configuration by setting the management information for the
FMC that will manage the sensor. If you are using this demo to connect your on-premise device to the dCloud hosted FMC,
you will need to connect to your on premise device via console or SSH to complete the registration to the dCloud hosted
FMC.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 22 of 39
Lab Guide
Cisco dCloud
When using FMC hosted on dCloud, change the network management-port of the FTD to 8443. The Public Address from the
dCloud session details will be the Firepower MC IP. The registration key and nat-id are arbitrary but must match the key that will
be created during FMC setup. Management port can be confirmed with ‘show network’ command.
> configure manager add <FMC Public IP> <Registration Key> <nad-id>
Manager successfully configured.
Please make note of reg_key as this will be required while adding Device in FMC.
3
Management port : 8443
IPv4 Default route
Gateway : 198.18.128.1
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 23 of 39
Lab Guide
Cisco dCloud
Licensing
FMCs use Smart Licensing for sensors running 6.0 software or later for FTD devices. This dCloud FMC comes with a built-in
Smart License account pre-installed. Running Firepower Threat Defense software will thus have the license installed directly
from FMC on connection. Cisco strongly recommends FTD, but if you do require classic licenses for NGIPS or Firepower on ASA
devices please use links below.
1. Cisco Internal employee classic licensing
2. Cisco Partners/Customers
NOTE: The credentials for the FMC are the Owner (Username) and Session ID (password) from the dCloud Session Details.
Alternatively, you can use the dcloud username and the unique Session ID (password) from dCloud, such as dcloud/123456
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 24 of 39
Lab Guide
Cisco dCloud
1. To add your FTD to the FMC, launch Chrome from the Jumper desktop, click the FMC bookmark, and login to FMC.
Navigate to Devices > Device Management. Select Add > Add Device from the top right.
When adding an FTD device external to dCloud, set the Host as DONTRESOLVE to allow connectivity through the dCloud
NAT.
When adding the FTD device within this dCloud lab, use the Host of 198.18.133.11, a display name of FTD.
For both situations, use the Registration Key of C1sco12345, and select Cisco PoV Access Control Policy from the Access
Control Policy drop-down
Note: If you already registered one device with the FMC, you must use a different name for subsequent devices such as
DONTRESOLVE2. When connecting more than one device to the FMC, make sure to complete one setup first before continuing to
other devices as to verify the FMC is building the correct connection to the correct device.
2. Select the Malware, Threat, and URL Filtering Licensing options. Expand the advanced settings and enter a Unique NAT ID
of 12345. When complete, click Register.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 25 of 39
Lab Guide
Cisco dCloud
The FMC will contact your FTD and add it as a managed device.
If the device is not added, confirm that the registration keys match, the software versions are compatible, and a
network device is not blocking the connection.
To confirm the FMC IP address and view the current status, use the show managers command from the FTD CLI.
This message will display while you wait:
Adding device… can takes several minutes, Please Wait...
To troubleshoot the FTD-to-FMC connection: From the CLI, enter expert mode and use sudo pigtail to review debugging
information. Open a TAC POV case through your Cisco GSSO CSE as required. Contact dCloud Support for direct assistance and
help with TAC.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 26 of 39
Lab Guide
Cisco dCloud
Initial Configuration
Object Management
1. Adjust the variable set to match the monitored network. In the FMC, browse to Objects >
Object Management Select the Variable Set in the left panel and select to edit the Default-Set.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 27 of 39
Demonstration Guide
Cisco dCloud
3. Click to create a new Network Object. Provide a Name and enter Network information that matches the customer
environment. If using the built-in FTD with demo traffic generator, use the Network of 192.168.0.0/16. Click Save when
complete.
Figure 15. Create a New Network Object
4. Select your new HOME_NET object from Available Networks and click Include to add the New Network Object in the
HOME_NET Variable.
5. Click the trashcan icon to remove the any pre-existing objects from “Included Networks.”
6. Continue by clicking Save, Save, Yes.
Figure 16. Edit Variable
7. Browse to Policies > Network Discovery. Select to delete the IPv4-Private-All-RFC1918, and then click Yes.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 28 of 39
Demonstration Guide
Cisco dCloud
8. Select + Add Rule to add a new rule. Enable the Users by clicking the check box. Remove any pre-existing Networks by
clicking the trash can. Add the newly created HOME_NET variable by selecting it from the Available Networks list and clicking
the Add button. Click Save.
Passive Interface
To configure a passive interface for the FTD to accept traffic from the SPAN port or tap on the customer network:
1. Navigate to Devices > Device Management and select to edit the FTD.
2. Select next to the interface connected to the evaluation network. If using the built-in FTD with demo traffic generator,
use GigabitEthernet0/2. No IP address is needed as this will be a passive interface.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 29 of 39
Demonstration Guide
Cisco dCloud
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 30 of 39
Demonstration Guide
Cisco dCloud
7. Click the Deploy button at the top right to push the interface configuration to the FTD.
Figure 22. Deploy
9. You can verify the deployment is complete by selecting the checkbox and selecting the deployments tab.
10. When the deployment completes, the interface status for the passive interface should turn green.
Note: You may need to click to a different tab other than Devices and come back to see the icon turn green.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 31 of 39
Demonstration Guide
Cisco dCloud
11. Browse to Analysis > Connections > Events. If events are not populating, verify that interfaces are connected,
enabled, and the SPAN port or tap is functional.
12. If using the FTD with demo traffic generator, please give the demo traffic generator some time (5 to 10 minutes) to
playback an assortment of traffic before generating the risk reports.
Figure 25. Analysis > Connections > Events
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 32 of 39
Demonstration Guide
Cisco dCloud
Steps
1. To generate the reports, navigate to Overview > Reporting and select the Report Templates tab.
2. Now generate the Advanced Malware, Attacks, and Network Risk Reports. These will provide actionable information
based on the customer’s traffic.
When complete, you can access these HTML reports from the FMC Tasks list and transfer them to your local system using any cloud
based storage solution or email client. Share these reports and your findings with the customer at the POV close-out meeting.
During the meeting focus on the win criteria established upfront and the differentiating value of the Cisco solution. Provide a bill of
materials that positions the appropriate FTD licensed features
3. When complete, submit the POV for the company incentive through SIRE if supported in your location:
www.cisco-sire.com. Note that the required proof-of-performance items are:
o Win Criteria: Appendix A in POV Best Practices Guides
o Data Collection Worksheet: Appendix B in POV Best Practices Guide
o POV Outcome: Appendix C in POV Best Practices Guide
o Risk Reports or Customer Facing Reports based on POV Best Practices Guide
o Bill of Materials (Microsoft Excel Format): Note that there is a $10k minimum opportunity to qualify for the
program
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 33 of 39
Demonstration Guide
Cisco dCloud
For more information, review the Cisco Funded Network Assessment Post:
https://communities.cisco.com/docs/DOC-65405.
Device Sanitization
After a successful partner executed POV, you will need to purge the customer data to prepare for the next POV. dCloud will
automatically delete the FMC VM and any customer information.
1. The customer data on the FTD is deleted when you erase and reformat the file system. Enter the following command to
complete the process.
> erase /noconfirm disk0:
2. To prepare for your next POV, re-install the FTD software as described in section 6.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 34 of 39
Demonstration Guide
Cisco dCloud
Customer Name
Win criteria needs to be defined before a partner executed POV begins so that you are able to quickly demonstrate unique business
value to the customer during the on-site engagement. This process focuses the engagement on the solution elements that are most
important to the customer. The worksheet below serves as a starting point to develop win criteria for a Tactical Partner Executed
POV and can be adjusted as required based on dialogue with your customer.
Prioritize each Win Criteria in order from 1 – 8, with one being most important and eight being least
important, based on your customer’s priorities.
Visibility
Do you want to have a better understanding of the types of devices on your network and the applications they are
running?
Threat
Are you concerned about bad actors in your environment and the threat that they pose to other internal systems?
Automation
Would you like to reduce the strain on your security analysts while arrive at a faster resolution of intrusion information?
Reputation
Do you value a robust reputation service that helps to limit traffic to known bad websites and actors on the Internet?
Malware Detection
Would you like to implement network malware detection with file reputation, sandboxing, and retrospection?
File Blocking
Do you value visibility of file types entering your environment with the capability to block files before an attack by type,
protocol, or transfer direction?
Application Control
Are you interested in granular control of applications that helps maximize productivity and reduce the attack surface?
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 35 of 39
Demonstration Guide
Cisco dCloud
Thank you for giving Cisco the opportunity to demonstrate the security posture of your network using Firepower Threat Defense.
Please provide the following information to prepare for the evaluation. Network Range(s)
1. Network ranges to be part of the evaluation: Please provide the smallest NETMASKs possible in CIDR format (e.g.
10.100.0.0/16 – instead of 10.100.1.0/24, 10.100.2.0/24, etc.)
2. Networks within these ranges that should be excluded from the above. (Note that this is a non- intrusive observatory
system and will not footprint any of your hosts.)
Time Zone
3. Local Time Zone
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 36 of 39
Demonstration Guide
Cisco dCloud
Default Gateway
DNS Servers
What type of switch will the system collect SPAN traffic from? (Cisco 3850, Cisco Catalyst 4K, etc.)
SPAN will be configured using Source Interface or Source VLANs. List sources below (VLAN 10, 20, etc.)
Length of Evaluation
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 37 of 39
Demonstration Guide
Cisco dCloud
POV Outcome
Partner SE Name
Partner SE Email
Compelling Event
Competitors
POV Duration
Cisco Deal ID
Cisco PO or SO #
Comments
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 38 of 39
Demonstration Guide
Cisco dCloud
What’s Next?
This completes the Cisco Firepower POV Guide.
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 39 of 39