Is it possible to create network objects using FQDN in FTD? Based on this statement I don't think it's possible: "In ASA, a network object can contain a host, a network IP address, a range of IP addresses, or a fully qualified domain name (FQDN). In the Firepower System, network objects support these same values with the exception of FQDN." https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_conversion_mapping.html
Is this on the roadmap, or will it be considered for implementation on FTD in the future? For customers moving from ASA to FTD that need to create FQDN-based rules, is there a design alternative? An API or any workarounds?
.:|:.:|:. Flavio Costa
CISCO Virtual Systems Engineer - Security
Sao Paulo, Brazil
Hi, you can use the URL tab in ACP. But you will need a license.
Is there any documentation that explains the FQDN workflow in FTD? In ASA we can use an FQDN in an ACL as the destination, but in FTD we can configure it as a URL.
I think I saw something on Cisco Live like the below:
Receive Packet -> Ingress Interface -> ACL permit -> Match XLATE -> Policy Inspection -> NAT IP -> Egress Interface -> L3 Route -> L2 Address -> Transmit Packet
Also check BRKSEC-2028 on Cisco Live.