06-28-2023 05:15 AM
I have an FMC within my core that manages an FTD at what I'll call a mid-point location. The mid-point location FTD connects to another FTD at the End-point location. I am able to ping from the End-point location to the FMC and vice versa, but I am not able to get the FMC to discover/manage the device. Is this even possible and/or what could be stopping it?
06-28-2023 05:33 AM
Correct, that's why I was wondering about the NAT.
06-28-2023 05:21 AM
Sure, yes.
The FMC and FTD use SSL to connect; what you need is only to bypass SSL from Snort inspection on the FTD (the FTD the traffic passes through).
06-28-2023 05:25 AM - edited 06-28-2023 05:26 AM
That is true, however, the secure channel is negotiated and established on port 8305/tcp not the traditional SSL port, so port 8305/tcp should be allowed on the mid-point firewall.
06-28-2023 05:27 AM
Yes, sorry, I must mention that to him.
In addition to your comment below: if he uses NAT on the FTD (the one the traffic passes through), then he needs to use a NAT-ID, not the IP, in the FMC for the FTD that needs to be managed.
Thanks a lot,
MHM
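To make the NAT-ID registration from the reply above concrete, here is an added example (not from this thread) of the FTD CLI commands and the matching FMC entry; 203.0.113.10 is a placeholder FMC address, and regkey01 and natid01 are placeholder values you would replace with your own.

```text
! On the End-point FTD (at the '>' CLI prompt), where the mid-point FTD
! translates the End-point's address before it reaches the FMC.
! 203.0.113.10 = placeholder FMC address, regkey01 / natid01 = placeholder values
> configure manager add 203.0.113.10 regkey01 natid01

! Confirm which manager the FTD is configured for
> show managers

! Once the device has been added on the FMC, check the management tunnel
! (this is the tcp/8305 connection the mid-point FTD must permit)
> sftunnel-status

! On the FMC: Devices > Device Management > Add > Device
!   Host:             leave blank (the FTD's real address is hidden by NAT)
!   Registration Key: regkey01
!   Unique NAT ID:    natid01
```

The registration key and NAT ID must match exactly on both sides; if the FMC still cannot register the device, confirm tcp/8305 is allowed through the mid-point FTD as noted in the earlier reply.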
06-28-2023 05:23 AM
Is the mid-point FTD doing any NAT?