topic Re: Cisco Firepower Threat Defense Configuration of Network Objects in Network Security

Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16 — Thu, 27 Mar 2025 19:48:53 GMT

Hoping someone can clarify this for me.

I have a FTD 1120, v7.4.2.1-30 being admin'd thru FDM. In the Networks section the values are all set at a /24 or smaller. Can Cisco handle a /17 or do I have to create multiple /24's and them group them together. All of Cisco documents show is a /24 or single subnet.

Thanks in advance.

Re: Cisco Firepower Threat Defense Configuration of Network Objects

nspasov — Fri, 28 Mar 2025 21:16:46 GMT

Can you elaborate a bit more on what network objects you are referring to? Perhaps you can also include a screenshot.

Thank you for rating helpful posts!

Re: Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16 — Mon, 31 Mar 2025 16:04:03 GMT

Objects > Networks

When I add a new network like this, the rest of our network and VPN connection cannot see and connect.

I have to break them down to individual /24 networks then combine them into a group like this. But this still did not work for the Site-to-Site VPN.

I ended up breaking it down Barny style for Cisco to complete the connection

Hope this helps some.

Re: Cisco Firepower Threat Defense Configuration of Network Objects

MHM Cisco World — Mon, 31 Mar 2025 16:05:33 GMT

You use superNet for multi' that sure not work the ftd will mark it as conflict.

MHM

Re: Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16 — Mon, 31 Mar 2025 17:01:11 GMT

I originally tried the superNet. Let the VPN simmer for 24 hours and it still would not connect. I changed back to /24 and the VPN instantly connected. I'm sure it is something I'm missing.
I managed to go 16 years in IT without having to deal with Cisco products. some setting are just stupid.

Re: Cisco Firepower Threat Defense Configuration of Network Objects

Marvin Rhoads — Mon, 31 Mar 2025 18:33:27 GMT

Are you trying to reach resources via an IPsec VPN? Or something else? Cisco firewalls, FDM-managed or otherwise, can certainly handle a /17. However, there may be other factors you haven't mentioned so far that prevent your connectivity from working as desired in your case.

Re: Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16 — Thu, 03 Apr 2025 19:25:00 GMT

That is correct. We have Meraki MX devices at our off site location. When we create the supernet on our FTD to the MX's the MX sites are not able to see any of the IP Address in the supernet and the VPN Status just show a red status light for the Non-Meraki Peers. If we dismantle the supernet and set the subnets to a max of /24 everything works fine.
I am not sure is using a FTD to connect all these sites is the best idea, would prefer to use a MX at our HQ but this is what I have to work with.