Cisco Secure Firewall Management Center Virtual Getting Started Guide


Deploy from Azure Using Custom IPv6 Template with Marketplace Image Reference


Overview

This section describes the process of deploying Firewall Management Center Virtual using a custom IPv6 template (ARM template) that references a marketplace image.

Procedure

1. Log into the Azure portal.

The Azure portal shows virtual elements associated with the current account and subscription regardless of data center location.

2. Enable programmatic deployment through the Azure portal or the Azure CLI as follows:

To enable this option in the Azure portal:

  1. Under Azure Services, click Subscriptions to view the subscription blade page.

  2. On the left pane, click Programmatic Deployment under the Settings option.

    All the types of resources deployed on the VM are displayed along with the associated subscription offerings.

  3. In the Status column, click Enable for the Firewall Management Center Virtual offering to allow programmatic deployment of the custom IPv6 template.

    OR

To enable this option through the Azure CLI:

  1. Go to the Linux VM.

  2. Run the following CLI commands to enable programmatic deployment of the custom IPv6 (ARM) template.

    You need to accept the terms only once per subscription for each image.

    # Accept terms

    az vm image terms accept -p <publisher> -f <offer> --plan <SKU/plan>

    # Review that terms were accepted (i.e., accepted=true)

    az vm image terms show -p <publisher> -f <offer> --plan <SKU/plan>

    Where,

    • <publisher> - 'cisco'

    • <offer> - 'cisco-fmcv'

    • <SKU/plan> - 'fmcv-azure-byol'

    The following is a command script example to enable programmatic deployment for deploying Firewall Management Center Virtual with the BYOL subscription plan.

    az vm image terms accept -p cisco -f cisco-fmcv --plan fmcv-azure-byol

    az vm image terms show -p cisco -f cisco-fmcv --plan fmcv-azure-byol

3. Run the following command to retrieve the software version details equivalent to the marketplace image version.

az vm image list --all -p <publisher> -f <offer> -s <sku>

Where,

  • <publisher> - 'cisco'.

  • <offer> - 'cisco-fmcv'

  • <sku> - 'fmcv-azure-byol'

The following is a command script example to retrieve the Software version details equivalent to the marketplace image version for Firewall Management Center Virtual.

az vm image list --all -p cisco -f cisco-fmcv -s fmcv-azure-byol

4. Select one of the Firewall Management Center Virtual versions from the list of available marketplace image versions that are displayed.

For IPv6 support deployment of Firewall Management Center Virtual, you must select Firewall Management Center Virtual version 73* or higher.

5. Download the marketplace custom IPv6 template (ARM templates) from the Cisco GitHub repository.

6. Prepare the parameters file by providing the deployment values in the parameters template file (JSON).

The following table describes the deployment values you need to enter in the custom IPv6 template parameters for Firewall Management Center Virtual custom deployment:

| Parameter Name | Examples of allowed Values/Type | Description |
|---|---|---|
| vmName | cisco-fmcv | Name the Firewall Management Center Virtual VM in Azure. |
| softwareVersion | 730.33.0 | The software version of the marketplace image version. |
| billingType | BYOL | The licensing method is BYOL or PAYG. BYOL license is more cost effective compared to PAYG, hence it is recommended to opt for BYOL subscribed deployment. |
| adminUsername | hjohn | The username to log into Firewall Management Center Virtual. You cannot use the reserved name 'admin', which is assigned to the administrator. |
| adminPassword | E28@4OiUrhx! | The admin password. The password must be an alphanumeric combination 12 to 72 characters long. It must comprise lowercase and uppercase letters, numbers and special characters. |
| vmStorageAccount | hjohnvmsa | Your Azure storage account. You can use an existing storage account or create a new one. The storage account name must be between three and 24 characters long and must contain only lowercase letters and numbers. |
| availabilityZone | 0 | Specify the availability zone for deployment; the public IP and the virtual machine will be created in the specified availability zone. Set it to '0' if you do not need availability zone configuration. Ensure that the selected region supports availability zones and that the value provided is correct. (This must be an integer between 0-3). |
| ipAllocationMethod | Dynamic | IP allocation from Azure. Static: Manual, Dynamic: DHCP |
| mgmtSubnetName | mgmt | Management center IP on the mgmt interface (example: 192.168.0.10) |
| mgmtSubnetIP | 10.4.1.15 | FMC IP on the mgmt interface (example: 192.168.0.10) |
| mgmtSubnetIPv6 | ace:cab:deca:dddd::c3 | FMC IPv6 on the mgmt interface (example: ace:cab:deca:dddd::6) |
| customData | `{\"AdminPassword\": \"E28@4OiUrhx!\",\"Hostname\": \"cisco-mcv\", \"IPv6Mode\"` | The field to provide in the Day 0 configuration to the Firewall Management Center Virtual. By default it has the following three key-value pairs to configure: (1) 'admin' user password; (2) Firewall Management Center Virtual hostname; (3) the Firewall Management Center Virtual hostname or CSF-DM for management. 'ManageLocally : yes' - This configures the CSF-DM to be used as Firewall Threat Defense Virtual manager. You can configure the Firewall Management Center Virtual as Firewall Threat Defense Virtual manager and also give the inputs for fields required to configure the same on Firewall Management Center Virtual. |
| virtualNetworkResourceGroup | cisco-mcv-rg | Name of the resource group containing the virtual network. If virtualNetworkNewOrExisting is new, this value should be the same as the resource group selected for template deployment. |
| virtualNetworkName | cisco-mcv-vnet | The name of the virtual network. |
| virtualNetworkNewOrExisting | new | This parameter determines whether a new virtual network should be created or an existing virtual network is to be used. |
| virtualNetworkAddressPrefixes | 10.151.0.0/16 | IPv4 address prefix for the virtual network; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| virtualNetworkv6AddressPrefixes | ace:cab:deca::/48 | IPv6 address prefix for the virtual network; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| Subnet1Name | mgmt | Management subnet name. |
| Subnet1Prefix | 10.151.1.0/24 | Management subnet IPv4 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| Subnet1IPv6Prefix | ace:cab:deca:1111::/64 | Management subnet IPv6 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| subnet1StartAddress | 10.151.1.4 | Management interface IPv4 address. |
| subnet1v6StartAddress | ace:cab:deca:1111::6 | Management interface IPv6 address. |
| Subnet2Name | diag | Data interface 1 subnet name. |
| Subnet2Prefix | 10.151.2.0/24 | Data interface 1 subnet IPv4 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| Subnet2IPv6Prefix | ace:cab:deca:2222::/64 | Data interface 1 subnet IPv6 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| subnet2StartAddress | 10.151.2.4 | Data interface 1 IPv4 address. |
| subnet2v6StartAddress | ace:cab:deca:2222::6 | Data interface 1 IPv6 address. |
| Subnet3Name | inside | Data interface 2 subnet name. |
| Subnet3Prefix | 10.151.3.0/24 | Data interface 2 subnet IPv4 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| Subnet3IPv6Prefix | ace:cab:deca:3333::/64 | Data interface 2 subnet IPv6 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| subnet3StartAddress | 10.151.3.4 | Data interface 2 IPv4 address. |
| subnet3v6StartAddress | ace:cab:deca:3333::6 | Data interface 2 IPv6 address. |
| Subnet4Name | outside | Data interface 3 subnet name. |
| Subnet4Prefix | 10.151.4.0/24 | Data interface 3 subnet IPv4 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| Subnet4IPv6Prefix | ace:cab:deca:4444::/64 | Data interface 3 subnet IPv6 prefix; required only if 'virtualNetworkNewOrExisting' is set to 'new'. |
| subnet4StartAddress | 10.151.4.4 | Data interface 3 IPv4 address. |
| subnet4v6StartAddress | ace:cab:deca:4444::6 | Data interface 3 IPv6 address. |
| vmSize | Standard_D4_v2 | Size of the Firewall Management Center Virtual VM. Standard_D4_v2 is the default. |
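The rules stated in the parameter table can be checked before the template is deployed. The following is an added example, not part of Cisco's guide or template: it validates a parameters file against those rules and confirms that each interface address lies inside its subnet prefix. It assumes the standard ARM parameters-file layout (`parameters.<name>.value`), reads "73* or higher" as a first version component of at least 730, and skips the password rule when `adminPassword` is supplied as a Key Vault `reference` entry instead of a literal value.

```python
import ipaddress
import json
import re

# Constructed sample in ARM parameters-file layout, using the table's examples.
SAMPLE = json.dumps({"parameters": {k: {"value": v} for k, v in {
    "softwareVersion": "730.33.0", "billingType": "BYOL", "availabilityZone": 0,
    "adminUsername": "hjohn", "adminPassword": "E28@4OiUrhx!",
    "vmStorageAccount": "hjohnvmsa", "ipAllocationMethod": "Dynamic",
    "Subnet1Prefix": "10.151.1.0/24", "subnet1StartAddress": "10.151.1.4",
    "Subnet1IPv6Prefix": "ace:cab:deca:1111::/64",
    "subnet1v6StartAddress": "ace:cab:deca:1111::6",
}.items()}})

def password_ok(pw):
    """12 to 72 characters with lowercase, uppercase, digit and special."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return 12 <= len(pw) <= 72 and all(re.search(c, pw) for c in classes)

def inside(addr, net):
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    except ValueError:  # unparsable address, or prefix with host bits set
        return False

def validate(text):
    """Return the names of parameters that break a rule from the table."""
    raw = json.loads(text)["parameters"]
    p = {k: v["value"] for k, v in raw.items() if "value" in v}
    # Assumption: "73* or higher" means the first dotted component is >= 730.
    major = re.match(r"(\d+)\.", str(p.get("softwareVersion", "")))
    zone = p.get("availabilityZone")
    checks = {
        "softwareVersion": bool(major) and int(major.group(1)) >= 730,
        "billingType": p.get("billingType") in ("BYOL", "PAYG"),
        "adminUsername": p.get("adminUsername") not in (None, "", "admin"),
        "adminPassword": "reference" in raw.get("adminPassword", {})  # Key Vault
            or password_ok(str(p.get("adminPassword", ""))),
        "vmStorageAccount": bool(re.fullmatch(
            r"[a-z0-9]{3,24}", str(p.get("vmStorageAccount", "")))),
        "availabilityZone": type(zone) is int and 0 <= zone <= 3,
        "ipAllocationMethod": p.get("ipAllocationMethod") in ("Static", "Dynamic"),
    }
    errs = [name for name, ok in checks.items() if not ok]
    for n in range(1, 5):  # each given address must sit inside its subnet prefix
        for addr, net in ((f"subnet{n}StartAddress", f"Subnet{n}Prefix"),
                          (f"subnet{n}v6StartAddress", f"Subnet{n}IPv6Prefix")):
            if addr in p and net in p and not inside(p[addr], p[net]):
                errs.append(addr)
    return errs
```

`validate` returns an empty list when every checked parameter conforms; otherwise it returns the names of the offending parameters so they can be corrected before the file is passed to the deployment.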

7. Use the ARM template to deploy Firewall Management Center Virtual firewall through the Azure portal or Azure CLI. For information about deploying the ARM template on Azure, refer to the following Azure documentation:

What to do next

Your next steps depend on what management mode you chose.

Verify that your management center virtual deployment was successful. The Azure Dashboard lists the new management center virtual VM under Resource Groups, along with all of the related resources (storage, network, route table, etc.).