
New Firepower Management Center 6.0.1 Install

bret
Level 3

I am working on a new install including 2 - FPR4120 and Firepower Management Center (FMC) 6.0.1. I have the devices connected to the FMC and have one of the devices connected with monitor interfaces, so I see data populating my dashboard. Since this is a new product to me, I am finding it challenging to set up a basic block access control policy.

The setup is a FPR4120 in each of our data centers. Both FPR4120s have 2 port-channels with sub-interfaces and an IP address configured on the sub-interfaces. Each has a management/diagnostics interface with a static IP and default static route for SNMP, Logging, etc. In data center ONE I have it configured with the monitoring interfaces. In the other data center TWO I have a default static route for one of the sub-interfaces and can ping that interface from anywhere on the network. With a basic level of connectivity established at data center TWO I created an Access Control Policy for testing to block all ICMP, see below. This policy is not working, so is there something I am missing?

All help would be greatly appreciated.

The policy I am using for testing is Main Policy TierPoint:

In the Main Policy Tierpoint I have the block rule.

1 Reply

ankojha
Level 3

Hi,

Just for testing, can you disable rule 1 and then apply the policy again and test if it blocks all ICMP?

Thanks,

Ankita
