cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
362
Views
0
Helpful
2
Replies
Explorer

FMC FTD - how? from ex-ASA

Hi All, 

It is our first time deploying FTD+FMC. Coming from years of  ASA deployment experience i am getting very frustrated  on how difficult this change is, does anyone else thinks that way?

 

How do i do a simple ping/connectivity test from the GUI of the FMC? 

I know i can do that by login into the FTD CLI, but that is not quite the way for me to do basic troubleshooting. 

Or how  do i do a packet tracing path like ASA  Gui?

 

In terms of ACL. Do  i group all of my basic L3 deny/allow subnets/ports acl together with all L7 rules, it is such a mess.

If i have 10-15 interfaces on my FTD, with 5-10 rules(l3+l7 rules) the access policy page is a big  gigantic mess. Someone please enlighten me, or what is ur way of doing it.

 

I  am tempted to re-image the whole FTD to  ASA image since im using 2100firepower, if i am  not getting the hang of this   mess!

 

Appreciate any help. 

 

Everyone's tags (1)
2 REPLIES 2
Highlighted
Beginner

Re: FMC FTD - how? from ex-ASA

How do I do a simple ping/connectivity test from the GUI of the FMC?

Devices --> Device Management -->click on the tools next to the FW --> Advanced Troubleshooting --> Threat Defence CLI This performs a ping command from the Threat Defence appliance, not the FMC.

 

How do I do a packet tracing path like ASA Gui?

Next tab packet tracer you may check the Capture w/Trace

 

Someone, please enlighten me, or what is ur way of doing it.

I am using rule categories based on the use of each ACL.

 

Hope all these helps. I know it is a bit confusing at first but give it some time. 

Explorer

Re: FMC FTD - how? from ex-ASA

Thanks for your input!

Someone, please enlighten me, or what is ur way of doing it.
I am using rule categories based on the use of each ACL.

Do you use pre-filter, for all ur L3 rules?
As i understand, pre-filter is the ASA equivalent of doing L3 ACL, so it doesnt send it to inspect engine that hogs up more resources for L4-L7 inspection
Then again, if u work with the pre-filter page, there is no option to create category/interface segmentation which is really messy. I had to differentiate my rules using its rule name to group them together