GNS3 Cisco Firepower Summary
The Cisco Firepower is the next generation Firewall from Cisco superseding the ASA. This firewall has some additional functionality over the ASA including advanced inspection and IPS/IDS like functionality. We can use the Firepower in our simulations in the form of the Cisco FTDv running under KVM. This image is rather resource intensive so it’s use should be limited on weaker hardware and it is advised to run it on a native Linux installation for the best experience. It also recommended to have fast SSD storage with plenty of space as the FTD requires a bit of disk space and I/O. If running under the GNS3 VM, then you will need to ensure the VM has plenty of CPU, RAM, and Disk resources available to it.
Gather our files
Before we can import the appliance we will need the latest appliance file from the GNS3 Appliance Registry and the desired Cisco FTDv .qcow image from Cisco. Like the ASAv this will require a Cisco CCO with the correct support entitlements.
If you want to learn more about GNS3, you may be interested in The Book of GNS3 available on Amazon as paperback or Kindle. Check it out using our Amazon affiliate link, https://amzn.to/322eKCO.
- FTDv Appliance Template – This is the appliance template from the GNS3 github and needs to be saved with the .gns3a extension.
- Cisco_Firepower_Threat_Defense_Virtual-6.3.0-83.qcow2 – This is the latest full FTDv release at the time of writing this article and can be obtained from the Cisco Download site with a valid login.
Importing the new Appliance
We will begin with the same basic process as the VyOS Appliance with our files in the Downloads folder. Start by clicking on import appliance from the file menu in GNS3 and select the FTDv template to being the import.
Once selected the import process will display a description of this appliance as well as some information on its architecture.
Since we are running a native linux install we will be running the appliance directly on the local machine. If you are running under Windows or MacOS then you will need to deploy it to the GNS VM as discussed previously.
The server requirements should pass assuming you have a healthy install and were able to import the VyOS and ASAv appliances.
Now we can see that the template, at the time of this article, does not detect installation files as it does not support 6.3.0 (83). In this case we will create a custom version in order to proceed with the import.
Start by clicking on Create a new version and then name in the version appropriately. In this case 6.3.0 (38).
Once the version has been created, navigate to the .qcow required beneath it and the click import to go locate the .qcow file. By default GNS3 will start the section window in your downloads directory. If the .qcow is not in that location, then navigate to its location and then select it.
With the image imported we can proceed by highlighting our version and then clicking next. When the popup appears double check you have named the version correctly and then click yes to proceed.
On the next screen ensure the correct qemu binary has been auto selected. In the case of the FTDv this will x86_64 and then click next to proceed.
The next page will be the summary of the newly imported appliance. These values can be modified after you’ve completed the import or on a per device basis. I would not advise making any changes to the FTDv template as it does have an honest requirement for all of those resources being a heavy appliance.
The final page will provide you with some basic details on the FTDv appliance. Please note the default login here, as the FTDv is not totally unprotected like the ASAv. Click finish to completed the import process.
When you start any FTDv for the 1st time it will go through a very long boot process. On my workstation with nothing else running, it took about 10 minutes and the NVMe SSD was seeing a bit of I/O during the setup. This is one of the heavier appliances you might be running.
The FTDv appliance is now ready for use in your simulations. If you want to read more articles on GNS3 then click here!