Smart CLI Routing option not available. Bug?

dbaas · ‎06-24-2024

Hello Cisco DevOps for OSPF on FPR,

I'm currently working on a FPR-2110 running in stand-alone mode, i.e. managed with FDM.

Looking through documentation, it should be possible to configure OSPF using the Smart CLI Routing option under Advanced Configuration. But the Routing menu item is not present. Options for OSPF under Routing are present (and configured).

The device has a clean installation (after factory reset & disk wipe) with v7.4.1, in which the option is not there (anymore). Installing v7.4.1.1 did not fix this (it wasn't mentioned in the release notes it should, but I wanted to be sure).

Is this a bug?

Searching various resources did not mention any similar cases mentioning the unavailability of this menu item. I don't have other devices available for comparison.

Kind regards,

Dennis

MHM Cisco World · ‎06-24-2024

https://www.cisco.com/c/en/us/support/docs/security/firepower-1000-series/221877-configure-ospf-routing-on-ftd-via-fdm.html

Ospf config in fdm via flexconfig

MHM

balaji.bandi · ‎06-25-2024

That looks blizzard - last time i tested i remember correctly that was present, i will check again.

Supported Routing Protocols on the latest should work, until we missing anything here.

https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-routing.html

Hope you have License applied ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dbaas · ‎06-26-2024

@balaji.bandi that was indeed one of the documents I used to check. As that one recent (April 2024) and mentioning 'FTD 6.4.0 or later' I assumed that was what I should be expecting.

@MHM Cisco World I'm running the trial license. Document mentioned above Balaji is using a trial license as well, so I think that is an issue.

But digging some deeper I think I found the solution. Available documents are very confusing (in addition to the document mentioned above).

For instance:

Cisco Secure Firewall Device Manager Configuration Guide, Version 7.2 (https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-virtual-routers.html

Additional Guidelines
You can configure the following features on the global virtual router only:

OSPFv3
RIP
EIGRP
IS-IS
BGPv6
Multicast Routing
Policy Based Routing
VPN

You can configure the following features separately for each virtual router:
Static routes and their SLA monitors.
OSPFv2
BGPv4

So, this information is INCORRECT, as OSPFv3 is not available in FDM.

Then:

Cisco Secure Firewall Device Manager Configuration Guide, Version 7.4 (https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-routing.html)

OSPFv2: Smart CLI Configure OSPFv2 Smart CLI objects from the Device > Routing page.

Configure objects used in OSPFv2, such as route maps, using Smart CLI objects from the Device > Advanced Configuration page.

OSPFv3: - OSPFv3 configuration is not supported.

But what I think describes my issue most:

Cisco Secure Firewall Device Manager New Features by Release (https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/roadmap/device-manager-new-features-by-release.html)

6.7.x Added EIGRP support using Smart CLI
6.6.x OSPF and BGP configuration moved to the Routing pages. The OSPF and BGP Smart CLI objects are no longer available on the Advanced Configuration page.

Conclusion:

Difference between FMC and FDM: FMC does support OSPFv2 & OSPFv3, but FDM does not support OSPFv3.

In FDM: as of release 6.6.x, configuring (OSPF)routing is done under Routing. Smart CLI is not to be used anymore, and is not even present/possible anymore.

So it is not a bug