Can't deploy the rules on FTD devices

04-30-2018 07:25 AM - edited 02-21-2020 07:41 AM
Hi There,
I'm using an FMC 4500 with code 6.2.2.2 and have added 2 FTD devices that are running on 9300 (SR-24) and a few FP 2100 series devices.
I created a global policy to block all unwanted traffic from entering the network. When I try to deploy this rule, I can't see all the FTD devices that I have in my list. I'm missing at least 3 devices (2 FP9300 devices and 1 2100 device). The FP9300s are in transparent mode but the FP2100s are in routed mode.
I had a similar issue before and it resolved by itself. I'm not sure if this is a configuration issue or some other issue.
Please let me know if you have any questions for me that would help with this.
Thanks & Regards
Kiran Rokkam
Labels: IPS and IDS

05-01-2018 12:53 AM
Hi Kiran,
This could be a confusion in terms of which rule policy is applied on which device.
When you click on deploy, it would show all the devices registered to that FMC that have a pending deployment, i.e., any config for that device has been changed.
For example, you have 2 access control policies. 1 ACP is applied to 1 device and another ACP is targeting 3 devices. Example screenshot below from Policy > Access Control Policies.
If you make a change in the first policy, which is targeting only 1 device, and then save the changes, click on deploy and FMC would show only the 1 device for which the config has been changed.
Similarly, if you change the second policy, which is targeting 3 devices, deploy would show 3 devices in the list and not 4.
If you make a change which affects both policies, for example an intrusion rule update or a change in an object which is called in both policies, then FMC would show all the devices in the deploy list.
Rate if helps,
Yogesh
