topic Re: FTDv management access in Network Security

FTDv management access

KevinR99 — Sat, 26 Feb 2022 13:50:49 GMT

Do you ever come across a product you really don't like from the off? FTD is it for me. For years we do "show ip int brief" Whoever is in charge of FTD decides it's "show interface ip brief"

Anyway, I have deployed a FTDv in an ESXi environment and after the initial setup I changed the default 192.168.45.45/24 address to one in my management network. Now, I can ping the new address from outside VMWare and the MAC address in the ARP entry matches my FTDv mac address. So I know I'm not seeing a duplicate IP problem. However, try as I might I cannot ping the management gateway from the FTDv CLI. Then when I try to register the FTDv with a FMCv it fails to do so.

I followed the deployment guide which ways the Management0/0 port is the first network adapter and my first network adapter is connected to a port group that connects to my management network. In fact I connected all my 4 network interfaces to the management network port group in case the management interface connected to another network interface.

When I go to the FTDv CLI and type "show interfaces ip brief" I don't see the new IP address applied to the Management 0/0 interface. I only see a 127.0.1.1 address on Internal-Control0/0 and 169.254.1.1 on Internal-Data0/2.

I then tried to manually re-apply the address with "configure network ipv4 manual" command with no success. Then I tried the same but with a DHCP address to see if it would grab an address. Still the same, no IP address.

No doubt I am doing something fundamentally wrong but when it's so difficult to get a basic thing done intuitively then I think Cisco have a problem. I don't know anyone who has said they like FTD but I need to try to get my head round it.

Thanks for any input, Kev.

Re: FTDv management access

balaji.bandi — Sat, 26 Feb 2022 14:34:28 GMT

For years we do "show ip int brief"  Whoever is in charge of FTD decides it's "show interface ip brief"

This has been there for ages from ASA ( agree if you come from switch world , the cli changed - but this what it is now) and Cisco BU knows this.

I then tried to manually re-apply the address with "configure network ipv4 manual" command with no success.

Once you add this config, do you get a success message?

when you deploy FTDv have you allocated interfaces as mentioned in the document :

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/ftdv/ftdv-vmware-gsg/ftdv-vmware-deploy.html

Re: FTDv management access

Rob Ingram — Sat, 26 Feb 2022 14:47:39 GMT

@KevinR99 to check the configuration of the management interface use "show network"

To ping from the management interface use "ping system <ip address>" as opposed to pinging from a data interface you'd use "ping <ip address>"

Re: FTDv management access

KevinR99 — Sat, 26 Feb 2022 15:05:52 GMT

Thank you Rob.

That's it. ping system to ping from the management interface and just plain old ping from the FTD interfaces.

Not my favourite CLI but I'm sure I'll get there. Much like when I work on NX-OS and IOS I always get commands mixed up.

Kev.