KevinGallaugher
F5 Employee

Introduction

This article is part of a series on implementing BIG-IP SSL Orchestrator. It includes high availability and central management with BIG-IQ.

Implementing SSL/TLS decryption is not a trivial task. There are many factors to account for, from the network topology and insertion point to SSL/TLS keyrings, certificates, cipher suites, and more. This article focuses on configuring a third-party, inline Layer 2 security device and everything you need to know about it.

This article covers the configuration of Cisco Firepower running version 6.4.

Please forgive me for using SSL and TLS interchangeably in this article.

A common Firepower deployment mode is Layer 2, using “Inline Sets”. An Inline Set combines two interfaces to act as an L2 bridge: data flows into one interface and is passed out the other.

Firepower Management Center must be used for this configuration because Firepower Device Manager does not support the configuration of Inline Sets.

From the Firepower Management Center click Devices. It should look like the following.

0EM1T000001O7D4.png

Double-click the Name of the Firepower device you want to configure.

This should bring you to the Interfaces screen. We will be configuring Ethernet 1/3 and 1/4. Click the pencil on the right to edit Ethernet 1/3.

0EM1T000001O7D5.png

Enable the interface and give it a name, “frombigip11” in this example. Click OK.

0EM1T000001O7D6.png

Repeat these steps for Ethernet 1/4, giving it a unique name too.

It should look like the following.

0EM1T000001O7D7.png

Note: When configuring for High Availability, repeat these steps for another Ethernet pair, like 1/5 and 1/6.

Go to the Inline Sets tab and click Add Inline Set.

0EM1T000001O7D8.png

Give it a Name, inlineset11 in this example. The Interface Pair should appear on the left. Select it and click Add to move it to the right. Then click OK.

0EM1T000001O7D9.png

Note: When configuring for High Availability, repeat these steps for the other Interface Pair.

Click Save and then Deploy. 

0EM1T000001O7DA.png


Check the box next to the Firepower device you configured and click Deploy. This process may take several minutes.

0EM1T000001O7DB.png

When done, the screen should look like this.

0EM1T000001O7DC.png

Summary

In this article you learned how to configure Cisco Firepower in Layer 2 mode.

Configuration of Cisco Firepower can be downloaded from here in GitLab.

Next Steps

Click Next to proceed to the next article in the series.

Contact Cisco if you need additional assistance with their products.

Version history
Last update: 03-Apr-2020 10:45