topic Re: Two Firewall in Different Locations in Network Security

Two Firewall in Different Locations

dianawinsky — Mon, 07 Apr 2025 09:03:36 GMT

I have 2 firewalls in different locations (FW1 in City 1, FW2 in City 2). I also have 1 FMC located in City 1. How can I configure FW2 in City 2 if my FMC is in City 1?

Re: Two Firewall in Different Locations

Sheraz.Salim — Mon, 07 Apr 2025 09:47:15 GMT

Here have a read on this document some thing already discussion in the past and Here Here and one last one Video

https://community.cisco.com/t5/network-security/remote-ftd-to-get-managed-from-fmc-through-internet/td-p/5257891

Re: Two Firewall in Different Locations

dianawinsky — Thu, 10 Apr 2025 01:21:06 GMT

May I ask, what could be the connection if I'm going to access the FMC remotely?

Re: Two Firewall in Different Locations

Sheraz.Salim — Thu, 10 Apr 2025 08:15:35 GMT

you can use the Data Interface instead of mgmt official document from cisco Here .you can optionally configure the device to use a data interface for management instead of the dedicated Management interface, The FMC access on a data interface is useful if you want to manage the Firepower Threat Defense remotely from the outside interface, or you do not have a separate management network. This change has to be performed on the Firepower Management Center (FMC) for FTD managed by FMC.

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222145-configure-manager-access-on-ftd-from-man.html

Re: Two Firewall in Different Locations

dianawinsky — Sun, 13 Apr 2025 08:48:26 GMT

Do I need ravpn license once I set it up? So I can access remotely the FMC management or with that guide I can access the FMC via internet?

Re: Two Firewall in Different Locations

Sheraz.Salim — Sun, 13 Apr 2025 09:52:58 GMT

ravpn for end user/remote client/employess you mean? or you want to access your FMC from ravpn? in both case I beleive you FMC is on prem at DC. now youo can either access it from Internal network. if from external network means from Internet in that case for anyconnect licences you need to have a smart licence for anyconnect. Here Youtube video from cisco

Re: Two Firewall in Different Locations

dianawinsky — Sun, 13 Apr 2025 10:26:43 GMT

So when I'm in the place of firewall (City 2 for example), and my FMC in on prem DC (City 1), I need anyconnect license to access the FMC management remotely to configure some settings in firewall? am I right?

Re: Two Firewall in Different Locations

Sheraz.Salim — Sun, 13 Apr 2025 12:07:42 GMT

I see where you coming from. If you are managing a firewall located in City 2 remotely from Firepower Management Center (FMC) hosted in an on-premises data center in City 1, you will need an AnyConnect license to establish remote access for management purposes. @Marvin Rhoads could you suggest here please.

Re: Two Firewall in Different Locations

Marvin Rhoads — Mon, 14 Apr 2025 08:38:26 GMT

You need to be able to access the managing FMC. Remote access VPN that gives you connectivity to the remote FMC is one option. There are many others as well - a site-site VPN, exposing the FMC via NAT and access Control Policy, using Zero Trust Application Access, using a jump server etc. are among the other possible options - all depending on what infrastructure you have at hand.

Re: Two Firewall in Different Locations

Aref Alsouqi — Mon, 14 Apr 2025 14:21:10 GMT

Or you can expose the FMC to the public internet by only allowing the public IP address of City 2 to connect to it. However, this shouldn't be a long term solution and the long term solution should be configuring a site to site VPN between the two locations and leverage that for your management accesses to the FMC and to the firewalls. If not site to site VPN is required between those two sites, you can still configure one only for management purposes which would send the traffic of City 2 firewall management port to the FMC and vice versa.