Mobirise

CDO Lab Guide 
Spring 2019

This lab guide is for general use, but specifically is written to be used with the dCloud SEVT CDO Pods.  This Lab Session is two hours long and consists of 12 modules.

The object of these labs is to give you some hands on experience with CDO.  The outcome will be that you will have a good foundation from which speak about and implement CDO.

There is a link to each Lab below.  Thank you for joining!

VIdeos for those that like to watch and do

Several of the lab module have a cooresponding video.  The videos are hosted on youtube, and the links to the videos are provided within the lab.

Use Case based documenation - no step by steps

The documentation is more use case base, and less step by step directive instructions.  Adam & Derek are available throughout the lab to assist with any questions.

build a website

Getting Started Up

This lab is being hosted in dCloud.  You should have received an invite from dCloud .  It will be sent from the email that you used to registered in dCloud.  The link to dCloud is below.  Once you have logged into dCloud, you will want to make sure that you are in the RTP Datacenter (hint: look in the top right hand corner of the dCloud Dashboard.)

Logging into CDO is a little different for this lab.  Normally, you would go to https://defenseorchestrator.com (or .eu) to log into CDO.  For the purposes of this lab, you will be instead going to a proxy address that will automatically log you into CDO based on the POD that you were assigned.

- After you log into our session, click on the Windows 10 box in the topology and then choose the "Remote Desktop" link
- Inside the Remote Desktop, choose Chrome
- From Chrome, bring up an Incognito Window
- Type https://198.18.134.139  You should now be logged into CDO

The Critical Info: Devices & IP Details

There are 4 ASA's, 2 FTD's, and 2 CSR's (virtual Cisco Routers) in this lab.  Each of these devices are virtual.  We will also be onboarding a shared Meraki MX.
The username and password for all of the devices is
admin / C1sco12345

NAMEIP ADDRESSUSERNAME PASSWORD
FTD1198.18.133.11adminC1sco12345
FTD2198.18.133.12adminC1sco12345
ASA1198.18.133.14adminC1sco12345
ASA2198.18.133.15adminC1sco12345
ASA3198.18.133.16adminC1sco12345
ASA4198.18.133.17adminC1sco12345
SDC 198.18.133.180rootC1sco12345
CSR1198.18.133.18adminC1sco12345
CSR2198.18.133.19adminC1sco12345
Proxy Address198.18.134.139

LAB 1

Configure the Secure Device Connector (SDC)

In this Lab module, you will configure your initial environment, including associating the SDC to your Tenant

LAB 2

Onboard Devices

In this Lab Module, you will onboard your ASA and FTD devices into CDO

LAB 3

Object Optimization

In this Lab Module, you will optimize or "clean-up" your objects on your ASA devices

LAB 4

ASA Policy Management

In this Lab Module, you will use CDO to find opportunities to optimize your ACL's inside of the Access-Groups

LAB 5

Change Management

In this Lab module, you will explore the Change Log Functionality of CDO, as well as use the Change Request and Config Restore Functions

LAB 6

ASA CLI and Macro Toolset

In this Lab module, you will explore the ASA CLI Toolset and Macro Capabilities

LAB 7

ASA Template Creation and Deployment

In this Lab module, you will configure an ASA Template and create a new device configuration from the Template

LAB 8

ASA Image Upgrades

In this Lab module, you will upgrade one or more your ASA's using CDO

Lab 9

Explore FTD Device Management in CDO

In this module, you will explore the features that exist in CDO to enable Device Settings, Interface Configuration, and Routing.

Lab 10

FTD Policy Management Via CDO

In this module, you will change existing FTD Policies via CDO as well as create Policies from scratch

Lab 11

The Big Kahuna

In this module, you will add a Meraki MX to CDO and then manage a single, common object across ASA, FTD, and Meraki

Lab 12

Explore IOS and Gereric SSH Functionality

In this module, you will explore the funtionality that exists with the CDO IOS management and the Generic SSH device management