09-02-2023 03:00 PM
Using FMC, I can use platform settings to restrict IPs from accessing FTD interfaces via SSH, but platform settings do not seem to be available for SFR modules. Is there another way to restrict SSH access to SFR based on IPs?
Thanks,
Diego
09-03-2023 01:10 AM
I don't recall that setting. A quick and dirty way is (if the gateway router supports ACLs) to use an ACL to limit the IPs allowed.
https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
Also check the hardening guide to see if any information can be obtained.
09-04-2023 05:49 AM
Looks like a switch-based ACL might be my only option.
Thanks @balaji.bandi
09-05-2023 04:38 AM
Yes, that is a quick way to fix it, since the source is coming from that switch.
09-05-2023 05:45 AM
Nothing is available on the SFR module itself to do this. So, like @balaji.bandi said, you would have to do it upstream, such as on the gateway L3 interface.