Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1396
Views
0
Helpful
1
Replies

FTD can not directly forwarding when FMC connect to

vuthaibao
Level 1
Level 1

‎03-30-2019 12:36 AM - edited ‎02-21-2020 08:59 AM

Hello,

I plan to do demo with topology below:Topology.PNG

 

I used evaluation license for this demo(90 days).

When FTD run in standalone mode(locally management) => everything is OK, it can do route to forwarding packet, detect macilious request and download malware file.

When I add FMC management to FTD => FTD can not directly forwarding packet. FTD interfaces can not ping each other and didn't any directly route.

More troubleshoot information:

FTD route table:show route.png

 

Captured ping packet when ping from 172.163.90.50 to 10.15.15.50:

capture traffic.png

Policy apply from FMC to FTD:

FMC policy.png

Config1 file: the FTD running-config when locally management=> running OK.

Config2 file: the FTD ruuning-config when FMC management => can not directly forwarding.

Hope your support! Thank you very much!

 

Preview file
5 KB
Preview file
5 KB
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-30-2019 08:15 PM

Odd that your capture notes "no route to host". For a connected subnet that's usually what we see when the interface is down.

Can you check the output of packet-tracer? Also provide "show interface" output.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card