Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
6
Replies

Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16
Level 1
Level 1

‎03-27-2025 12:48 PM

Hoping someone can clarify this for me.

I have a FTD 1120, v7.4.2.1-30 being admin'd thru FDM. In the Networks section the values are all set at a /24 or smaller. Can Cisco handle a /17 or do I have to create multiple /24's and them group them together. All of Cisco documents show is a /24 or single subnet. 

Thanks in advance.

Labels:
0 Helpful
6 Replies 6

nspasov
Cisco Employee
Cisco Employee

‎03-28-2025 02:16 PM

Can you elaborate a bit more on what network objects you are referring to? Perhaps you can also include a screenshot.

Thank you for rating helpful posts!

0 Helpful

FLTRU16
Level 1
Level 1

‎03-31-2025 09:01 AM - edited ‎03-31-2025 09:04 AM

Objects > Networks

FLTRU16_0-1743436699935.png

When I add a new network like this, the rest of our network and VPN connection cannot see and connect. 

FLTRU16_1-1743436778598.png

I have to break them down to individual /24 networks then combine them into a group like this. But this still did not work for the Site-to-Site VPN. 

FLTRU16_2-1743436849277.png

I ended up breaking it down Barny style for Cisco to complete the connection

FLTRU16_3-1743437032755.png

 

Hope this helps some.

 

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to FLTRU16

‎03-31-2025 09:05 AM

You use superNet for multi' that sure not work the ftd will mark it as conflict.

MHM

0 Helpful

FLTRU16
Level 1
Level 1

‎03-31-2025 10:01 AM

I originally tried the superNet. Let the VPN simmer for 24 hours and it still would not connect. I changed back to /24 and the VPN instantly connected. I'm sure it is something I'm missing. 
I managed to go 16 years in IT without having to deal with Cisco products. some setting are just stupid.

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-31-2025 11:33 AM

Are you trying to reach resources via an IPsec VPN? Or something else? Cisco firewalls, FDM-managed or otherwise, can certainly handle a /17. However, there may be other factors you haven't mentioned so far that prevent your connectivity from working as desired in your case.

0 Helpful

FLTRU16
Level 1
Level 1
In response to Marvin Rhoads

‎04-03-2025 12:25 PM

That is correct. We have Meraki MX devices at our off site location. When we create the supernet on our FTD to the MX's the MX sites are not able to see any of the IP Address in the supernet and the VPN Status just show a red status light for the Non-Meraki Peers. If we dismantle the supernet and set the subnets to a max of /24 everything works fine. 
I am not sure is using a FTD to connect all these sites is the best idea, would prefer to use a MX at our HQ but this is what I have to work with. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card