https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497624#M1084815 <P>Ah, I might have forgotten that piece of information. My management interfaces have public IPs.</P><P>I found the CLI settings&nbsp;ssh-access-list and https-access-list which seems to do the trick for SSH access but what about SNMP?</P><P>&nbsp;</P><P>/Fredrik</P> Thu, 04 Nov 2021 06:06:04 GMT hoffa2000 2021-11-04T06:06:04Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497094#M1084797 <P>Greetings</P><P>I have a scenario where my FTDs are only reachable for management by the FMC over Internet. The FTDs are running HA so data interface access isn't an option. I assume data in transit is properly encrypted but how do I secure access to the FTD management interface? I have yet to find an ACL option for the actual management interface, I'm thinking about using black-hole routing but it seems kind of cheap.</P><P>&nbsp;</P><P>Regards</P><P>Fredrik</P> Wed, 03 Nov 2021 11:45:23 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497094#M1084797 hoffa2000 2021-11-03T11:45:23Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497099#M1084798 <P>i would put management in different VLAN, Do NAT on Internet Router with Public to Private IP, if you know FMC Public IP, then&nbsp; i will restrict with ACL to allow only FMC IP contacting FTD.</P> <P>&nbsp;</P> <P>Since if&nbsp; you do not have option to deploy Lan, if you have only option to communicate from External Internet.</P> <P>&nbsp;</P> Wed, 03 Nov 2021 11:55:55 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497099#M1084798 balaji.bandi 2021-11-03T11:55:55Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497367#M1084810 <P>Hi</P><P>Thank you for the answer. As I don't have any control over our Internet router I'd like to look into the ACL option. How is that done?</P><P>&nbsp;</P><P>/Fredrik</P> Wed, 03 Nov 2021 18:06:54 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497367#M1084810 hoffa2000 2021-11-03T18:06:54Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497460#M1084812 <P>if the Internet&nbsp; Router does not do NAT, then how will an external connection establish to FTD, that fails - since Manangment is RFC1918 address (that was my impression)&nbsp; or Do&nbsp; you have Public IP configured on Manangment?</P> Wed, 03 Nov 2021 19:52:41 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497460#M1084812 balaji.bandi 2021-11-03T19:52:41Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497624#M1084815 <P>Ah, I might have forgotten that piece of information. My management interfaces have public IPs.</P><P>I found the CLI settings&nbsp;ssh-access-list and https-access-list which seems to do the trick for SSH access but what about SNMP?</P><P>&nbsp;</P><P>/Fredrik</P> Thu, 04 Nov 2021 06:06:04 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497624#M1084815 hoffa2000 2021-11-04T06:06:04Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497719#M1084818 <P>Why do you need SNMP over Public? if you are intent to use try SNMPv3, also the same ACP rule you can apply.</P> <P>&nbsp;</P> Thu, 04 Nov 2021 09:22:39 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4497719#M1084818 balaji.bandi 2021-11-04T09:22:39Z https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4501941#M1085036 <P>Hi</P><P>I don't that's the thing. I ONLY want FMC management on my Internet connected management interface.</P><P>&nbsp;</P><P>/Fredrik</P> Fri, 12 Nov 2021 10:23:04 GMT https://community.cisco.com/t5/network-security/ftd-management-over-internet/m-p/4501941#M1085036 hoffa2000 2021-11-12T10:23:04Z