
Can't deploy the rules on FTD devices

Hi There,

I'm using FMC 4500 with code 6.2.2.2 and have added 2 FTD devices running on 9300 (SR-24) and a few FP 2100 series devices.

I created a global policy to block all unwanted traffic from entering the network. When I try to deploy this rule, I can't see all the FTD devices that I have in my list. I'm missing at least 3 devices (2 FP9300 devices and 1 2100 device). The FP9300s are in transparent mode but the FP2100s are in routed mode.

I had a similar issue before and it resolved by itself. I'm not sure if this is a configuration issue or some other issue.

Please let me know if you have any questions for me that would help with this.

Thanks & Regards

Kiran Rokkam

1 REPLY 1
Cisco Employee

Re: Can't deploy the rules on FTD devices

Hi Kiran,

 

This could be confusion in terms of which rule policy is applied on which device.

When you click on deploy, it would show all the devices registered to that FMC which have a pending deployment, i.e. any config for that device has been changed.

For example, you have 2 access control policies. One ACP is applied to 1 device and another ACP is targeting 3 devices. Example screenshot below from Policy > Access Control Policies.

Screen Shot 2018-05-01 at 1.20.21 PM.png

If you make a change in the first policy, which is targeting only 1 device, and then save the changes, click on deploy and FMC would show only the 1 device for which config has been changed.

Similarly, if you change the second policy, which is targeting 3 devices, deploy would show 3 devices in the list and not 4.

If you make a change which affects both the policies, for example an intrusion rule update or a change in an object which is called in both policies, then FMC would show all the devices in the deploy list.

 

Rate if it helps,

Yogesh
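The behaviour described in the reply above, modelled as an added example (it is not FMC code and not part of the original posts): the deploy list is the set of devices targeted by an edited policy, or by any policy referencing an edited shared object, and a helper reports why an expected device is absent. Policy names, device names and object names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    targets: set                                  # devices the policy is assigned to
    objects: set = field(default_factory=set)     # shared objects / rule sets it references

def deploy_list(policies, changed_policies=(), changed_objects=()):
    """Devices with a pending change, following the rule given in the reply."""
    changed_objects = set(changed_objects)
    pending = set()
    for p in policies:
        # A device becomes pending if its policy was edited directly,
        # or if the policy references a shared object that was edited.
        if p.name in changed_policies or p.objects & changed_objects:
            pending |= p.targets
    return pending

def explain_missing(policies, expected, changed_policies=(), changed_objects=()):
    """For each expected device not in the deploy list, state the reason."""
    pending = deploy_list(policies, changed_policies, changed_objects)
    reasons = {}
    for dev in sorted(set(expected) - pending):
        owners = sorted(p.name for p in policies if dev in p.targets)
        if owners:
            reasons[dev] = "no pending change in: " + ", ".join(owners)
        else:
            reasons[dev] = "not targeted by any policy"
    return reasons

# Constructed sample mirroring the reply: one ACP on 1 device, one ACP on 3 devices.
POLICIES = [
    Policy("ACP-A", {"ftd-1"}, {"net-internal", "intrusion-rules"}),
    Policy("ACP-B", {"ftd-2", "ftd-3", "ftd-4"}, {"intrusion-rules"}),
]

if __name__ == "__main__":
    print(deploy_list(POLICIES, changed_policies={"ACP-A"}))
    print(deploy_list(POLICIES, changed_objects={"intrusion-rules"}))
    print(explain_missing(POLICIES, ["ftd-1", "ftd-2", "ftd-5"],
                          changed_policies={"ACP-A"}))
```

A device reported as "not targeted by any policy" points to a policy-assignment problem rather than a deployment problem.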
