Can FMC Manage an FTD behind another managed FTD

NotQualified
Level 1

I have an FMC within my core that manages an FTD at what I'll call a mid-point location. The mid-point location FTD connects to another FTD at the End-point location. I am able to ping from the End-point location to the FMC and vice versa, but I am not able to get the FMC to discover/manage the device. Is this even possible and/or what could be stopping it?


Sure, yes.
The FMC and FTD use SSL to connect; all you need is to bypass SSL from Snort inspection on the FTD (the FTD the traffic passes through).

That is true, however, the secure channel is negotiated and established on port 8305/tcp not the traditional SSL port, so port 8305/tcp should be allowed on the mid-point firewall.

Yes, sorry, I must mention that to him.
In addition to your comment below, if he uses NAT on the FTD (pass-through), then he needs to use the NAT-ID, not the IP, in the FMC for the FTD (the one that needs to be managed).
Thanks a lot,
MHM

Is the mid-point FTD doing any NAT?
