Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
531
Views
0
Helpful
3
Replies

Cant PING FQDN from CLISH FTD

keithcclark71
Level 3
Level 3

‎09-13-2022 08:23 AM - edited ‎09-13-2022 08:27 AM

I'd like to register FMC manager by FQDN but from Clish mode on FTD when I do show network command I have 2 different sections showing my DNS config. I can ping outside public IP addresses so I know routing is fine but I cannot ping or resolve external names to IP addresses. I am hoping if I can get name resolution working that I can register my FTD's to the FMC using FQDN rather than Public IP address. Anyone follow me here and have any thoughts as I gotta get this FTD in place tomorrow and I'm worried that if I register through the data interface using Public IP of firewall in front of the FMC that if they ever change ISP's and that public IP changes that all my tail site FTD's will break meaning I'll no longer be able to deploy changes etc. Please help here

Also when I registered teh FTD over the data interface I was expecting to see the WAN IP of the FTD established 8305 to public IP address of the manager but it does not. It show like a private IP established to it as follows. What is up with that???
tcp 0 58 169.254.1.3:8305 FMCMANAGERPUBLICIP:51043 ESTABLISHED
tcp 0 0 169.254.1.3:8305 FMCMANAGERPUBLICIP:35467 ESTABLISHED

===============[ System Information ]===============
Hostname : TT-FTD1010-3
DNS Servers : 208.67.222.222
208.67.220.220
2620:119:35::35
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 192.168.3.1
Netmask : 0.0.0.0

======[ System Information - Data Interfaces ]======
DNS Servers : 208.67.222.123
208.67.220.123
Interfaces : Ethernet1/1

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-13-2022 08:30 AM

never tried that option, since most of the deployment in same DC.

 

image.png

check some Limitaton here :

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215540-configure-verify-and-troubleshoot-firep.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

keithcclark71
Level 3
Level 3
In response to balaji.bandi

‎09-13-2022 11:31 AM

If ip address of the FMC remote management IP changes can one at least change the manager IP address on the FTD rather than having to reregister it using the new IP address of the FMC ?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to keithcclark71

‎09-14-2022 04:24 AM

In general condition, we expect Management to be fixed not to change dynamically, so this need to consider when you deploying, if not config push from FMC can not reach FTD, if the IP changed.

for now i belive you need to rgister if the FTD IP changed i guess.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card