Re: Deploy FTDv in AWS - not reachable

Difan Zhao · ‎09-20-2023

I followed this YouTube video to create the instance. https://www.youtube.com/watch?v=_WfqPZWgM0c&t=1212s

I pre-created four interfaces. The mgmt and diag interfaces are in the mgmt subnet that has a default route to IGW. The inside and outside interfaces are in their respective subnets. The mgmt and outside interface have the elastic IP assigned. The SG is wide open for both inbound and outbound.

The AMI image is ftdv-7.3.0-69-ENA-ad0af76e-c569-4a81-84d0-cff2308179ef or FTD with BYOL

Is there a specific sequence requirement for attaching the interfaces to the instance? I went by mgmt, diag, inside and outside.

I created another Linux in the same mgmt subnet with an elastic IP. I can connect to the Linux box. From it, I still can't ping or ssh to the mgmt interface with its private IP...

What did I do wrong?

Thanks!

Difan

Milos_Jovanovic · ‎09-21-2023

Hi @Difan Zhao,

If you can connect to management interface from same subnet but not from different one, I would assume your routing is not ok. Check what is your next hop, and what route table is attached to that network.

Kind regards,

Milos

Difan Zhao · ‎09-21-2023

Hi Milos, sorry I meant I could connect to the Linux box and from the Linux box, I still can't connect to the FTD with its private IP on the mgmt subnet... I have updated my original post to have more clear wording. Sorry about the confusion... Thanks for your response.

Difan Zhao · ‎09-21-2023

Ok so I found out that AWS can do a "EC2 serial console" connection to it. Once I got in, I landed in the > prompt. Then I ran the "configure network ipv4 manual 10.1.1.4 255.255.255.240 10.1.1.1" command and now it works.. I didn't do a "show network" beforehand so I don't know whether it had the IP before.