topic Re: Policy Based Routing on FTD managed by FDM in Network Security

Policy Based Routing on FTD managed by FDM

wcutajar — Tue, 24 Aug 2021 10:50:07 GMT

Hi, I'm trying to set up PBR (Route Maps) on FTD managed by FDM but I'm finding it impossible, on ASA it would look something like this

access-list ROUTEMAP-ACL1 extended permit tcp object CloudKey1 any

route-map ROUTEMAP1 permit 10
 match ip address ROUTEMAP-ACL1
 set ip next-hop <IP-ADDRESS-OF-ISP2-GATEWAY>

I've added the accesslist and the first line of the route-map command via SmartCLI but I'm stuck on how to create the subsequent commands

If I try to use FlexConfig it says that route-map command is blacklisted CLI

Any ideas?

Re: Policy Based Routing on FTD managed by FDM

Jay Ponce — Tue, 24 Aug 2021 18:15:47 GMT

Please make sure you are running version 6.6 or higher in the FDM and the syntax is the same as ASA.

Re: Policy Based Routing on FTD managed by FDM

wcutajar — Wed, 25 Aug 2021 08:54:20 GMT

I am in fact running version 6.6.4, I managed to partially get it to work using a workaround to configure bgp-set-clause to set the next hop as there is a bug which does not let you configure set clause when creating the Route Map in SmartCLI (I have attached a screenshot on how I've set it up.

After that I created a FlexConfig object to attach the above route map to the interface as per below

With the above I can confirm that it works however I have an issue that I have no failover for PBR, on an ASA I would have used the following commands:

set ip next hop verify-availability 192.168.22.254 track 1

set ip next hop verify-availability 192.168.21.254 track 2

which would have enabled failover for PBR using a SLA monitor.

I was so excited to move from ASA to FTD but it seems that the product has so much less features.

Re: Policy Based Routing on FTD managed by FDM

engineer467 — Thu, 08 Sep 2022 16:09:24 GMT

Hi,

Can you share the steps how you applied this route-map to the interface?

Thanks

Re: Policy Based Routing on FTD managed by FDM

Marius Gunnerud — Sat, 10 Sep 2022 20:31:16 GMT

Without knowing the steps you are taking to create the route-map, we can only provide information on how a route-map is created using FDM. Check the following link

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-route-maps.html#Cisco_Task_in_List_GUI.dita_bc8a9c84-fe6d-41ff-abbe-8438fe37e35d

Re: Policy Based Routing on FTD managed by FDM

merloxuanyuan23 — Tue, 25 Oct 2022 14:00:19 GMT

Hi there, I got same issue in terms of applying route-map to the interface, have you found solution?

Re: Policy Based Routing on FTD managed by FDM

Hisoka — Fri, 12 Apr 2024 06:08:43 GMT

I have created same PBR route-map in smart CLI. But please could you share how to apply the object to the desired interface?

Re: Policy Based Routing on FTD managed by FDM

programmer01001 — Wed, 26 Jun 2024 13:03:36 GMT

Hi to apply an object to interface do the following:

1. Create FlexConfig object with this template:

interface Ethernetx/x
policy-route route-map <your route-map name>

2. Go to FlexConfig Policy and add your created object to group list. Then deploy.

Hope this helps.

Re: Policy Based Routing on FTD managed by FDM

Karsten Iwen — Wed, 26 Jun 2024 13:51:46 GMT

The more relevant question is why you are running a completely outdated version …

Re: Policy Based Routing on FTD managed by FDM

wcutajar — Fri, 28 Jun 2024 07:25:19 GMT

You realize this post is from 2021 right? We decided to move away from Cisco due to lots of these issues, hopefully they have been sorted with newer releases.

Re: Policy Based Routing on FTD managed by FDM

Karsten Iwen — Fri, 28 Jun 2024 08:14:07 GMT

Well, I obviously did not realize this. Yes, FDM still has shortcomings that are hard to understand. But overall, the platform evolved really well, and in version 7.2+, there is not much missing.

Re: Policy Based Routing on FTD managed by FDM

MHM Cisco World — Fri, 28 Jun 2024 10:48:20 GMT

bad to know that, what issue you face (alot) can you summary it
thanks

MHM

Re: Policy Based Routing on FTD managed by FDM

bmen — Sun, 06 Jul 2025 08:54:15 GMT

Same problem with me. Multiple ISP is not working in PBR.

set ip next-hop 10.1.1.1 10.2.2.2

Re: Policy Based Routing on FTD managed by FDM

bmen — Sun, 06 Jul 2025 08:56:56 GMT

Multiple ISP is not working. If Primary ISP is down, it will not failover to secondary ISP in PBR.

Re: Policy Based Routing on FTD managed by FDM

MHM Cisco World — Sun, 06 Jul 2025 09:02:55 GMT

Make new post please

MHM

Re: Policy Based Routing on FTD managed by FDM

Fartingdragon — Thu, 21 Aug 2025 06:33:56 GMT

Is pbr available now