cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1098
Views
0
Helpful
8
Replies
Piotr Kowalczyk
Beginner

Cisco 1010 QoS with FDM only.

Hi,

I've just got new Cisco 1010 and decided to use Firepower NGFW instead of ASA image, just to learn. All seems fine when using FDM web interface, but it looks quite limited in feature. Unfortunately I can't afford FMC license and I have to set QoS policies, which doesn't seem to be available on FDM. As far as I understand my only option will be CLI (or am I wrong and there is other free tool which I can use)? I've tried to find any documents about this, but all refer to FMC. Could you help please?

1 ACCEPTED SOLUTION

Accepted Solutions
Rob Ingram
VIP Expert

@Piotr Kowalczyk 

Yes, you cannot configure QoS natively using the FDM GUI, your only option is potentially to use FlexConfig, where you can use the old ASA CLI commands to deploy to the FTD.

 

Here is an example of the ASA QoS commands.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html

 

You'll need to take these commands and deploy using a FlexConfig object/policy to the FTD.

 

Information on using FlexConfig.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/fdm/fptd-fdm-config-guide-700/fptd-fdm-advanced.html#concept_B3DA80CF3E4243CB90179E950335C6E6

View solution in original post

8 REPLIES 8
Rob Ingram
VIP Expert

@Piotr Kowalczyk 

Yes, you cannot configure QoS natively using the FDM GUI, your only option is potentially to use FlexConfig, where you can use the old ASA CLI commands to deploy to the FTD.

 

Here is an example of the ASA QoS commands.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html

 

You'll need to take these commands and deploy using a FlexConfig object/policy to the FTD.

 

Information on using FlexConfig.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/fdm/fptd-fdm-config-guide-700/fptd-fdm-advanced.html#concept_B3DA80CF3E4243CB90179E950335C6E6

Rob, many thanks for your clear reply. This is my first look at Firepower NGFW image, and I'm really surprised. I mean, I've expected this will work like old ASA with some improvements, so configuration can be fully done in cli, but this doesn't seem to be a case anymore and everything has to be done through interface. Am I correct?

@Piotr Kowalczyk 

Yes, the majority of the configuration has to be defined using the Web GUI. The CLI is used for configuring the management interface settings and troubleshooting.

 

Local management of the FTD using FDM does not have full feature parity with an FTD managed by the FMC nor the old ASA image, yet.

Thank you!

Unfortunately it looks this is impossible using FlexConfig. Any ides? It wouldn't make any sense that I can't do simple QoS on the firewall...

 

https://community.cisco.com/t5/network-security/ftd-1010-traffic-shaping-minus-fmc/td-p/4176198

@Piotr Kowalczyk sorry to hear that this won't work with flexconfig, if QoS doesn't work when deployed via Flexconfig then you cannot do it at all (yet). Like I said, unfortunately there still isn't full feature parity yet when using FDM to manage FTD. If QoS is a hard requirement for you then you can re-image the device to use the ASA software, you just don't get the NGFW features.

 

Reimage guide if you wish to reimage.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

 

Hi Rob,

Thank you for all your help.

As I don't have support contract for this Cisco FTD 1010, could you tell me where I can download upgrade files please?

@Piotr Kowalczyk 2 options, contact the cisco partner you purchased the hardware from and ask them to provide the ASA image or purchase a support contract.

Create
Recognize Your Peers
Content for Community-Ad