Problems with firepower

Please note to start I don't know Firepower at all but I'm trying to muddle through.

 

I have an internal firewall separating customers from my network. My device management center, therefore, is outside the firewall. I have multiple customers all on sub-interfaces on the inside. One sub-interface is to my company's networks on the inside. So I have a bunch of questions.

As far as the management interface, I seem to only be able to put an ip address in firepower, not on the interface itself. Is this correct?

I know that the management interface needs to be on the inside interface but I have no way to get to it through the firewall. Given the placement of the device manager, should the management interface be on the same side as the outside interface?

 

I also cannot register the firewall with the device manager, I think that will work once I get the rest going but that may be another issue.

Stick figure network attached

3 REPLIES
Hall of Fame Master

Re: Problems with firepower

What type of Firepower are you asking about?

Firepower Threat Defense (FTD) or an ASA with Firepower service module?

The procedure varies slightly, but for both it's mandatory to use the physical management interface. You can put that on the "outside", or else pre-configure it during staging while attached to the inside and then allow the access from outside via an ACP rule and/or NAT statement.

Re: Problems with firepower

This does NOT help at all. The answer is so general that to be quite honest, is useless.

The management port does NOT allow an IP assignment except within firepower itself. BTW, I'm using firepower for intrusion detection IF I can ever get it to be manageable.

 

What is an ACP rule? How does it work? I know ACLs but never heard of ACPs. I can't even google that.

Hall of Fame Master

Re: Problems with firepower

I'm sorry you found my earlier reply not helpful. I've helped thousands of people here out of my own willingness over the past 18 years and very seldom hear that my answers are useless.

Let me try to explain in some more detail.

You asked about Firepower. The Firepower term includes a family of products from the rebranded "classic" Sourcefire appliances to ASAs with Firepower service modules to VMs to Firepower Threat Defense (FTD) running on newly released hardware appliances. How one answers your question accurately depends on which of those you have. They all use their management interfaces slightly differently and the method for configuring each varies somewhat.

ACP is an abbreviation for Access Control Policy. It is the main policy in which one sets access options for traffic through the device - what's allowed, how it's inspected etc. It comprises what one might have normally thought of as Access Control Lists (ACLs) but, where they classically refer to a simple 5-tuple (protocol, source and destination address and port), an ACP includes many more parameters and also references child policies such as intrusion, identity, SSL, discovery, etc.

I hope this helps and am happy to answer any follow-on question if I'm able.
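To make the ACL-versus-ACP distinction from the last reply concrete, here is a small first-match policy evaluator. It is an added example, not Cisco code and not the real FTD matching engine: it models a classic 5-tuple access-list entry beside an ACP-style rule that also keys on security zones, user identity and application, and carries a child intrusion policy for allowed traffic. The zone names, addresses, rule names and the intrusion-policy name are constructed for the example. It also goes one step past the reply by showing the case where the distinction bites: two customer sub-interfaces that reuse the same RFC 1918 range produce flows with identical 5-tuples, which an ACL cannot tell apart but an ACP rule can, because it sees the ingress zone.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int
    # Context a plain ACL never sees; an ACP rule can key on it.
    src_zone: str = ""
    dst_zone: str = ""
    user: str = ""
    application: str = ""


def five_tuple_matches(rule, flow: Flow) -> bool:
    """Shared 5-tuple test: protocol, source/destination network, dest port."""
    return (rule.proto in ("ip", flow.proto)
            and ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst)
            and rule.dport in (None, flow.dport))


@dataclass(frozen=True)
class AclEntry:
    """Classic access-list entry: an action plus the 5-tuple."""
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any)
    src: str                      # CIDR network
    dst: str
    dport: Optional[int] = None   # None = any port

    def matches(self, flow: Flow) -> bool:
        return five_tuple_matches(self, flow)


@dataclass(frozen=True)
class AcpRule:
    """ACP rule: the 5-tuple plus zone, identity and application conditions,
    and a child intrusion policy applied to traffic the rule allows."""
    name: str
    action: str                   # "allow", "block" or "trust"
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    src_zones: FrozenSet[str] = frozenset()   # empty set = any
    dst_zones: FrozenSet[str] = frozenset()
    users: FrozenSet[str] = frozenset()
    applications: FrozenSet[str] = frozenset()
    intrusion_policy: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        def any_or_in(allowed: FrozenSet[str], value: str) -> bool:
            return not allowed or value in allowed
        return (five_tuple_matches(self, flow)
                and any_or_in(self.src_zones, flow.src_zone)
                and any_or_in(self.dst_zones, flow.dst_zone)
                and any_or_in(self.users, flow.user)
                and any_or_in(self.applications, flow.application))


def evaluate_acl(entries: List[AclEntry], flow: Flow) -> str:
    """First match wins; an ACL ends with an implicit deny."""
    for entry in entries:
        if entry.matches(flow):
            return entry.action
    return "deny"


def evaluate_acp(rules: List[AcpRule], flow: Flow,
                 default_action: str = "block") -> Tuple[str, str, Optional[str]]:
    """First match wins; returns (rule name, action, intrusion policy).
    The child intrusion policy only applies when the action is 'allow'."""
    for rule in rules:
        if rule.matches(flow):
            child = rule.intrusion_policy if rule.action == "allow" else None
            return (rule.name, rule.action, child)
    return ("default", default_action, None)


# Constructed sample policy (hypothetical zones, addresses and names): the
# corporate sub-interface may reach the management center on the outside
# over HTTPS and gets IPS inspection; customer sub-interfaces are blocked.
ACL = [AclEntry("permit", "tcp", "10.1.0.0/24", "192.0.2.0/24", 443)]

ACP = [
    AcpRule("corp-to-fmc", "allow", "tcp", "10.1.0.0/24", "192.0.2.0/24", 443,
            src_zones=frozenset({"corp"}), dst_zones=frozenset({"outside"}),
            intrusion_policy="Balanced Security and Connectivity"),
    AcpRule("customers-isolated", "block", "ip", "0.0.0.0/0", "0.0.0.0/0",
            src_zones=frozenset({"cust_a", "cust_b"})),
]

# Two customers reuse the same RFC 1918 space on different sub-interfaces,
# so these flows share one 5-tuple and differ only in ingress zone.
CORP_FLOW = Flow("tcp", "10.1.0.5", "192.0.2.10", 443,
                 src_zone="corp", dst_zone="outside", user="admin")
CUST_FLOW = Flow("tcp", "10.1.0.5", "192.0.2.10", 443,
                 src_zone="cust_b", dst_zone="outside")

if __name__ == "__main__":
    for label, flow in (("corp", CORP_FLOW), ("customer", CUST_FLOW)):
        print(label, "ACL:", evaluate_acl(ACL, flow),
              "ACP:", evaluate_acp(ACP, flow))
```

Run as-is, the ACL permits both flows because their 5-tuples are identical, while the ACP allows only the corporate flow (with the intrusion policy attached) and blocks the customer flow on its zone. That is the practical reason the earlier reply talks about an ACP rule rather than an ACL when opening management access from the outside: the rule can be scoped to the zone and identity that should reach the management center, not just to an address range that several customers may share.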