Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7619
Views
7
Helpful
6
Replies

FQDN Objects on FTD

Go to solution
Flavio Costa
Cisco Employee
Cisco Employee

‎01-09-2018 04:04 AM

Hi team,

  Is it possible to create network objects using FQDN in FTD? Based on this statement I don't think it's possible: "In ASA, a network object can contain a host, a network IP address, a range of IP addresses, or a fully qualified domain name (FQDN). In the Firepower System, network objects support these same values with the exception of FQDN." https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_conversion_mapping.html

  This is on the roadmap or will be considered to be implemented on FTD in the future? For customers that need to create FQDN-based rules that are moving from ASA to FTD, is there a design alternative? API or any workarounds?

Regards,

.:|:.:|:.  Flavio Costa

CISCO  Virtual Systems Engineer - Security

Sao Paulo, Brazil

flavicor@cisco.com

2 people had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎01-09-2018 05:09 AM

Hi There,

Currently FQDN objects are not supported. There is enhancement  already raised for the issue but no ETA yet.

Here is the bug no.

CSCuv93558

Thanks,

Yogesh

View solution in original post

0 Helpful
6 Replies 6

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎01-09-2018 05:09 AM

Hi There,

Currently FQDN objects are not supported. There is enhancement  already raised for the issue but no ETA yet.

Here is the bug no.

CSCuv93558

Thanks,

Yogesh

0 Helpful

Go to solution
Flavio Costa
Cisco Employee
Cisco Employee
In response to yogdhanu

‎01-09-2018 06:32 AM

Thanks for the reply! So, currently there are no other ways to achieve the same goal?

0 Helpful

Go to solution
#Mat
Level 6
Level 6
In response to Flavio Costa

‎01-09-2018 07:10 AM

Hi, you can use the URL tab in ACP. But you will need a license.

Regards.

Obtener Outlook para Android<https://aka.ms/ghei36>

.

Go to solution
kfarhan
Level 1
Level 1
In response to yogdhanu

‎04-17-2018 11:33 PM

Hi,

Is there any documentation that tells how FQDN work flow in FTD since in ASA we can use FQDN in acl as destination but in FTD we can configure it as URL.

0 Helpful

Go to solution
tauseef.khan@scc.ccom
Level 1
Level 1
In response to kfarhan

‎04-19-2018 09:25 AM

I think I saw something on cisco live like below:

Receive Packet ->Ingress Interface -> acl permit -> Match XLATE ->Policy Inspection ->NAT IP ->Egress Interface -> L3 Route -> L2 Address -> Transmit Packet

Also Check BRKSEC-2028 on Cisco live

0 Helpful

Go to solution
isaacalves27
Level 1
Level 1

‎11-22-2018 12:22 PM

One solution would be to replace the fqdns by an app on the FMC.

 

Check video bellow:

https://www.youtube.com/watch?v=eWXEzULx-MA

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card