FDM device summary/deployment gone wrong

roliveira11
Level 1

Hi Everyone,

I've been involved in a project where a Firepower 2110 series appliance was deployed (to replace an ASA) but none of the features purchased were put to good use (or at all really). Smart licensing is out of compliance now and quite frankly the basic setup doesn't appear to be correct either. The appliance is being managed by FDM, and on the device summary page the inside connection is lit green but the outside is grey, displaying (no interfaces labeled outside). Outbound internet works, so I'm assuming this is related to the inability to leverage features like threat, AMP, URL. Is my assumption correct?

I'd like to go through the appliance: start looking at the basic setup, configure fast pathing, enable security intelligence, refine protected networks, recreate more defined access control policies, possibly enable network discovery to automatically build the host profiles appropriate for our IPS/Malware policy needs. Is that a good approach? Again, the FP2110 was implemented to simply replace the ASA, which it did, but none of the features were taken advantage of.

Any insight would be great.

Thanks, Cisco community

2 Replies

Marvin Rhoads
Hall of Fame

Have a look at the most recent Cisco Live presentations on Firepower. There are a couple that describe useful things to have a look at when setting up Firepower devices.

Not all features can be configured using FDM, so at a certain point we would normally advise customers to set up a Firepower Management Center if they require access to all of the more advanced features.

johnlloyd_13
Level 9

Hi,

If the ASA config was migrated to an FP 2100, you should have the basics covered: interface IP, security level/zones, routing, ACL and NAT configured.

If the outside interface is greyed out, you should troubleshoot the ISP connectivity/L1 issue first, then resolve the licensing issue afterwards, if needed.
