10-06-2021 03:05 AM
Hi,
I've just got a new Cisco 1010 and decided to use Firepower NGFW instead of the ASA image, just to learn. All seems fine when using the FDM web interface, but it looks quite limited in features. Unfortunately I can't afford an FMC license and I have to set QoS policies, which don't seem to be available on FDM. As far as I understand my only option will be CLI (or am I wrong and there is another free tool which I can use)? I've tried to find any documents about this, but all refer to FMC. Could you help please?
10-06-2021 03:15 AM
Yes, you cannot configure QoS natively using the FDM GUI, your only option is potentially to use FlexConfig, where you can use the old ASA CLI commands to deploy to the FTD.
Here is an example of the ASA QoS commands.
You'll need to take these commands and deploy using a FlexConfig object/policy to the FTD.
Information on using FlexConfig.
10-06-2021 03:58 AM
Rob, many thanks for your clear reply. This is my first look at the Firepower NGFW image, and I'm really surprised. I mean, I expected this would work like the old ASA with some improvements, so configuration could be fully done in the CLI, but this doesn't seem to be the case anymore and everything has to be done through the interface. Am I correct?
10-06-2021 04:08 AM
Yes, the majority of the configuration has to be defined using the Web GUI. The CLI is used for configuring the management interface settings and troubleshooting.
Local management of the FTD using FDM does not have full feature parity with an FTD managed by the FMC nor the old ASA image, yet.
10-06-2021 04:10 AM
Thank you!
10-06-2021 09:01 AM
Unfortunately it looks like this is impossible using FlexConfig. Any ideas? It wouldn't make any sense that I can't do simple QoS on the firewall...
https://community.cisco.com/t5/network-security/ftd-1010-traffic-shaping-minus-fmc/td-p/4176198
10-06-2021 09:25 AM - edited 10-07-2021 02:16 AM
@Piotr Kowalczyk sorry to hear that this won't work with FlexConfig, if QoS doesn't work when deployed via FlexConfig then you cannot do it at all (yet). Like I said, unfortunately there still isn't full feature parity yet when using FDM to manage FTD. If QoS is a hard requirement for you then you can re-image the device to use the ASA software, you just don't get the NGFW features.
Reimage guide if you wish to reimage.
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html
10-07-2021 01:14 AM
Hi Rob,
Thank you for all your help.
As I don't have a support contract for this Cisco FTD 1010, could you tell me where I can download upgrade files please?
10-07-2021 02:15 AM
@Piotr Kowalczyk 2 options, contact the Cisco partner you purchased the hardware from and ask them to provide the ASA image or purchase a support contract.