Re: Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16 · ‎03-27-2025

Hoping someone can clarify this for me.

I have a FTD 1120, v7.4.2.1-30 being admin'd thru FDM. In the Networks section the values are all set at a /24 or smaller. Can Cisco handle a /17 or do I have to create multiple /24's and them group them together. All of Cisco documents show is a /24 or single subnet.

Thanks in advance.

nspasov · ‎03-28-2025

Can you elaborate a bit more on what network objects you are referring to? Perhaps you can also include a screenshot.

Thank you for rating helpful posts!

FLTRU16 · ‎03-31-2025

Objects > Networks

When I add a new network like this, the rest of our network and VPN connection cannot see and connect.

I have to break them down to individual /24 networks then combine them into a group like this. But this still did not work for the Site-to-Site VPN.

I ended up breaking it down Barny style for Cisco to complete the connection

Hope this helps some.

MHM Cisco World · ‎03-31-2025

You use superNet for multi' that sure not work the ftd will mark it as conflict.

MHM

FLTRU16 · ‎03-31-2025

I originally tried the superNet. Let the VPN simmer for 24 hours and it still would not connect. I changed back to /24 and the VPN instantly connected. I'm sure it is something I'm missing.
I managed to go 16 years in IT without having to deal with Cisco products. some setting are just stupid.

Marvin Rhoads · ‎03-31-2025

Are you trying to reach resources via an IPsec VPN? Or something else? Cisco firewalls, FDM-managed or otherwise, can certainly handle a /17. However, there may be other factors you haven't mentioned so far that prevent your connectivity from working as desired in your case.