Configuring Cluster ASA NGFW in transparent mode

mnice
Level 1

Hello

I hope you are all well.

I wanted to know whether it is possible to configure an ASA NGFW cluster in transparent mode in the following context.

(attached image: infra.PNG)

I started to work with the EVE-NG tool, but I had problems activating the FTD interfaces; I can't bring them up.

The objective is to filter only the traffic between the different subnets.

Thank you in advance for your help.

Regards.


14 Replies

balaji.bandi
Hall of Fame

FTD Virtual cannot be a cluster; it can be active-standby and can be configured in transparent mode (this is the most common case in a DC, or when you want to do it in an existing network without changing VLANs or IP addresses).

You need FMC for this (as far as I know). Make sure you enable the interface before configuring.

Here is a simple guide:

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

For clustering, you need a physical kit and other requirements.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello Balaji

Thank you for your reply.

Indeed, I meant active/passive; thank you for the correction.

Otherwise, for the transparent mode in the above scenario, I wanted to know:

- How to declare all the connected FTD interfaces: outside or inside? Or is that just for the security part?

For the FMC, I confirm it's essential. I used a 90-day license for the tests (lab), but the interfaces don't want to come up.

(attached images: Infraa.PNG, interface.PNG)

Regards.

balaji.bandi
Hall of Fame

When you do transparent mode, you need a BVI interface.

Here is a good video:

https://www.youtube.com/watch?v=x4EJ5bM0ReE

BB

Hello Bandi

I will follow the video and try to apply it.

Thanks again for your help.

Regards.

balaji.bandi
Hall of Fame

You're welcome. Let us know the outcome... if resolved, mark as resolved.

BB

kapydan88
Level 4

Hello.

Can you share your lab from eve-ng?

Hello Kapydan88

Sorry for the late reply.

I was able to solve the firewall problem in transparent mode, but now I have another problem: I applied an erase configuration, and since then I can't access the FTD ("connect ftd" from the CLI); it displays "ftd not installed".

Can you help me please?

Regards.

Hello

Please help me to reimage the FTD application on the chassis; I tried all possible methods and it doesn't work.

FTD2-A /ssa # show app

Application:
    Name       Version         Description Author     Deploy Type CSP Type     Is Default App
    ---------- --------------- ----------- ---------- ----------- ------------ --------------
    ftd        6.2.2.81        N/A         cisco      Native      Application  Y

FTD2-A /ssa #
FTD2-A /ssa # exit
FTD2-A# connect module 1 console
Telnet escape character is '~'.
Trying 127.5.1.1...
Connected to 127.5.1.1.
Escape character is '~'.

CISCO Serial Over LAN:
Close Network Connection to Exit

Firepower-module1>connect ftd
ftd not installed.
Firepower-module1>

Regards.

 

From the CLI of an FP 1120:

> connect
fxos Connect to FXOS Service Manager.

> connect fxos

...

firepower-standalone#
acknowledge    Acknowledge
backup         Backup
clear          Clear managed objects
commit-buffer  Commit transaction buffer
connect        Connect to Another CLI
discard-buffer Discard transaction buffer
end            Go to exec mode
exit           Exit from command interpreter
scope          Changes the current mode
set            Set property values
show           Show system information
terminal       Set terminal line parameters
top            Go to the top mode
up             Go up one mode
where          Show information about the current mode

firepower-standalone# exit
>

 

Hello Kapydan88

I didn't understand your message.

Regards.

Hello

Now I have this notification; how do I provision the logical device?

sh-A /ssa/slot # show app-instance

Application Instance:
    App Name   Admin State Oper State       Running Version Startup Version Cluster State  Cluster Role
    ---------- ----------- ---------------- --------------- --------------- -------------- ------------
    ftd        Disabled    Offline          6.2.2.81        6.2.2.81        Not Applicable None
sh-A /ssa/slot # enter app-instance ftd
sh-A /ssa/slot/app-instance # enable
sh-A /ssa/slot/app-instance* # commit-buffer
Error: Update failed: [App Instance cannot be started. Please provision LogicalDevice before starting application.]

Regards.

 

Hello.

If I understand you correctly, you want to delete the current config from your FTD device via the CLI? Something like "erase startup config" for Cisco switches and routers, followed by "reload". Is this correct?

Hello

Not really. I have already deleted the config with the erase configuration command from the local-mgmt interface, and now I can't reimage the FTD.

I am looking for the procedure to follow to restart the FTD.

Regards.

Hello

But I was able to solve the access problem by adding this command at the scope system/services level:

/system/services # enter ip-block 0.0.0.0 0 https

And finally reimaged the FTD with the GUI.

Regards.
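As an added illustration (not from the original posts), here is the complete FXOS CLI sequence that the one-liner above belongs to: enter the services scope, add the HTTPS access-list entry, commit, and verify. The `0.0.0.0 0` entry (address 0.0.0.0, prefix length 0) permits HTTPS to the chassis manager from any source, which is what restored GUI access in this thread; the second part shows the scoped form, restricting HTTPS to an assumed management subnet 10.10.0.0/24, to apply once the emergency entry has served its purpose. The chassis prompt `Firepower-chassis` and the subnet are assumptions; lines beginning with `!` are annotations, not commands.

```text
Firepower-chassis# scope system
Firepower-chassis /system # scope services
! Emergency entry from the accepted solution: HTTPS allowed from any source
Firepower-chassis /system/services # enter ip-block 0.0.0.0 0 https
Firepower-chassis /system/services/ip-block* # commit-buffer
Firepower-chassis /system/services/ip-block # exit
! Verify the access list now contains the entry
Firepower-chassis /system/services # show ip-block

! Once GUI access is restored: replace the any-source entry with one scoped
! to the management subnet (10.10.0.0/24 is a constructed example value)
Firepower-chassis /system/services # enter ip-block 10.10.0.0 24 https
Firepower-chassis /system/services/ip-block* # exit
Firepower-chassis /system/services* # delete ip-block 0.0.0.0 0 https
Firepower-chassis /system/services* # commit-buffer
Firepower-chassis /system/services # show ip-block
```

The order matters: add the scoped entry and commit it in the same transaction as the deletion of the any-source entry, so the chassis manager never ends up with no HTTPS entry at all and the lockout that started this thread does not recur.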
