FMC Endpoint Update
Company: Cisco
Details
The Cisco Application Centric Infrastructure (ACI) is a software-defined network solution and application-intelligent fabric that brings application, security, and infrastructure together in the data center. The Cisco Application Policy Infrastructure Controller (APIC) provides single-click access to the Cisco ACI, helping enable network automation, programmability, and centralized management. The FMC Endpoint Update app periodically retrieves endpoint information from the APIC and pushes it to the FMC using the REST API. This helps when configuring a security policy on the FMC for your FTDs.
Pre-requisites:
1. The minimum APIC version supported for 1.2 is 3.0(1k).
2. "Download Config to JSON File" works only for APIC 5.0(1L) or above.
To configure the app installed on the APIC, complete the following procedure:
Step 1: In the APIC, click Apps > Apps > FMC Endpoint Update.
Step 2: The Update Interval value is user configurable. The default interval is 60 seconds and the minimum interval is 30 seconds; updating too frequently may negatively impact system performance with a number of FMCs. For Site Prefix, use a different value on each APIC. The Site Prefix value must be all uppercase.
Step 3: Click Add Tenant/FMC to enter your FMC login credentials.
Note 1:
The app supports NAT port forwarding in cases where the FMC is behind a NAT device. Append the port number to the IP address. For example, 10.2.0.42:5001.
Note 2:
The username used by the app to sign in to the FMC must be different from the username you use to sign in to the FMC GUI. If they are the same, your sessions get disconnected.
Note 3:
Automatic deploy allows the APIC to start an FMC policy deploy after a periodic endpoint update. Consider disabling this option during periods when you want manual control of the FMC configuration, i.e., a maintenance window for FMC policy changes.
Note 4:
"Download Config to JSON File" works only for APIC 5.0(1L) or above.
Step 4: After you’ve configured all your FMCs, click Submit Data.
New features in 1.2:
- FMC multi-domain support.
- APIC multi-site support.
- Upload and download configurations.
- Cleanup objects from FMC.
- Check failed FMC logins from GUI.