Cisco Employee

FQDN Objects on FTD

Hi team,

  Is it possible to create network objects using FQDN in FTD? Based on this statement I don't think it's possible: "In ASA, a network object can contain a host, a network IP address, a range of IP addresses, or a fully qualified domain name (FQDN). In the Firepower System, network objects support these same values with the exception of FQDN." https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_conversion_mapping.html

  Is this on the roadmap, or will it be considered for implementation on FTD in the future? For customers moving from ASA to FTD that need to create FQDN-based rules, is there a design alternative? An API or any workarounds?

Regards,

.:|:.:|:.  Flavio Costa

CISCO  Virtual Systems Engineer - Security

Sao Paulo, Brazil

flavicor@cisco.com

Accepted Solution
Cisco Employee

Re: FQDN Objects on FTD

Hi There,

Currently FQDN objects are not supported. There is an enhancement already raised for the issue, but no ETA yet.

Here is the bug number:

CSCuv93558

Thanks,

Yogesh

6 REPLIES

Cisco Employee

Re: FQDN Objects on FTD

Thanks for the reply! So, currently there are no other ways to achieve the same goal?

Frequent Contributor

Re: FQDN Objects on FTD

Hi, you can use the URL tab in ACP. But you will need a license.

Regards.

Beginner

Re: FQDN Objects on FTD

Hi,

Is there any documentation that explains the FQDN workflow in FTD? In ASA we can use an FQDN in an ACL as the destination, but in FTD we can only configure it as a URL.

Re: FQDN Objects on FTD

I think I saw something at Cisco Live like the below:

Receive Packet ->Ingress Interface -> acl permit -> Match XLATE ->Policy Inspection ->NAT IP ->Egress Interface -> L3 Route -> L2 Address -> Transmit Packet

Also check BRKSEC-2028 on Cisco Live.

Beginner

Re: FQDN Objects on FTD

One solution would be to replace the FQDNs with an app on the FMC.

Check the video below:

https://www.youtube.com/watch?v=eWXEzULx-MA