
access list for SFR module on ASA5516X

tato386
Frequent Contributor

Using FMC I can use platform settings to restrict IPs from accessing FTD interfaces via SSH but platform settings does not seem to be available for SFR modules. Is there another way to restrict SSH access to SFR based on IPs?

Thanks,

Diego

4 Replies

balaji.bandi
Hall of Fame

I don't recall that setting - a quick and dirty way is (if the gateway router supports ACLs) to use an ACL to limit the IPs to allow.

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

Also check the hardening guide to see if any information can be obtained.

BB


tato386
Frequent Contributor

Looks like a switch-based ACL might be my only option.

Thanks @balaji.bandi 

Yes, that is a quick way to fix it - since the source is coming from that switch.

BB


Marvin Rhoads
Hall of Fame

Nothing is available on the SFR module itself to do this. So, like @balaji.bandi said, you would have to do it upstream - such as on the gateway L3 interface.
