Testing Cisco Secure Firewall Snort IPS

Often when deploying Firepower/Secure Firewall devices I get asked to show that everything is working as expected or to prove that things like the Snort IPS engine are working as advertised.

I can’t, in good conscience, attempt to download some malware or ransomware on their network, but how about a simple ping?

Thankfully there’s a built-in Snort rule (SID) that can be enabled to trigger a security alert on ICMP Echo Replies, so all we need to do to highlight Snort efficacy and alerting is to enable that particular SID, send some Echo Requests and wait for the Reply.

[Read more]

Firepower Booting into ROMMON

After I recently deployed a new Firepower 3105 HA pair for a client, they decided to move the firewalls to a different rack. Upon powering up the devices, the secondary firewall wasn’t coming online and syncing with the primary.

We plugged a console cable into the device and were greeted with a ROMMON prompt:

rommon 1>

This lines up pretty well with the following Bug ID:

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvp57772

While the workaround mentions doing a complete reimage of the device, there is a much simpler fix.

[Read more]

Continuous Blogging Pipeline

In a fit of spring cleaning I decided to overhaul this blog after nearly a decade, streamlining creation and publishing in a modern, programmatic, way.

What started as a new way to take notes for my home lab and career studies quickly escalated into yet another personal tinker project that, if you’re currently reading this, has actually progressed into production.

Obsidian for notes! Obsidian for blogs?

I recently started studying for the CCIE Security, and wanted a way to centrally store and share my notes. This led me down the Obsidian path, a wonderful productivity tool that stores notes in Markdown. As these notes are in plain old Markdown, it’s also very easy to sync your vault via git (expect a future post that goes through that whole process). This sparked a follow-on idea: what if I could also use Obsidian to draft and publish posts to my blog? As I only publish once in a blue moon and my content consists primarily of notes and how-tos, even WordPress was overkill as a platform. Why not simply type my notes in Obsidian, pretty them up with a nice Hugo theme (Terminal), and push them to GitHub Pages? This would simplify publishing, cut down on my cloud resource consumption, and keep my posts backed up in a repository.

[Read more]

Hello World, Again

Hello World!

Testing a new way to publish my blog through Obsidian, Hugo, and GitHub.

More good things to come, sooner or later.

[Read more]

Monitoring a Firepower Upgrade with Tail

While Cisco’s Secure Firewall Management Center is a great tool, there’s still some missing functionality here and there. Upgrades, for one, are a great example. How do you know when an upgrade has failed? Why did it fail? Where did it fail?

Sure, the Task pane shows us the progress, but truthfully that’s about it.

So for today, a quick update on how I monitor the progress of a Firepower Threat Defense upgrade through the command line.

[Read more]