cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1071
Views
0
Helpful
3
Replies

Can an FTD managed by FMC still have time based ACL like ASA?

Jack G
Level 1
Level 1

I didn’t see anything for time based ACL in my rule. Am I missing something? Also it appears my FTD device managed by FMC is using UTC time, is this normal? I have a case open with TAC but we can’t seem to change it to CST.

1 Accepted Solution

Accepted Solutions

mikael.lahtela
Level 4
Level 4
Hi,

No there is not yet any support for time based rules in FTD, you could look at controlling rules from the Rest API.
Where do you see the UTC time?
The FTD is using UTC time in the backend, but should show logs and dashboards with local timezone times.
The dashboard can be tricky as there is a setting on each graphed widget that needs to be changed manually.
What version are you running?

br, Micke

View solution in original post

3 Replies 3

mikael.lahtela
Level 4
Level 4
Hi,

No there is not yet any support for time based rules in FTD, you could look at controlling rules from the Rest API.
Where do you see the UTC time?
The FTD is using UTC time in the backend, but should show logs and dashboards with local timezone times.
The dashboard can be tricky as there is a setting on each graphed widget that needs to be changed manually.
What version are you running?

br, Micke

Thank you Micke. Version is 6.2.2 In the FMC, under Devices, Device Management, Device, off to the right under System, it shows Time Zone: UTC. I was requested to enable the syslog option "Include timestamp in syslogs" on the FTD, but what I noticed is that the time stamps are off 6 hours from the time stamp of the Kiwi syslog stamp, because Kiwi is using CST and the FTD is on UTC. Not a huge deal, but wanted to confirm I'm not missing something for I see no way to change it. For instance the syslog file looks like this:
2018-01-31 10:54:37 Local4.Info 192.168.1.1 Jan 31 2018 16:54:31 %ASA-6-302011: Built dynamic TCP...

Yeah, UTC time stamp is used in the syslog message just to keep that in mind.
You could verify this with Cisco and ask for a enhancement request to have option to change timezone for that.
There is an enhancement request for FireSIGH:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuu17182/?referring_site=bugquickviewredir

br, Micke
Review Cisco Networking for a $25 gift card