
FDM for IPS

WorkingGuy
Level 1

I have an FMC at v7.0.6 with 7125 IPS v6.4. As I understand, this is the highest version that the FMC can go to and still communicate with the 7125. We have recently purchased 3110 firewalls, which have been configured with v7.1 FTD (the lowest version available for this device) and Threat Defence licence. As I understand, the 3110 cannot be added to the FMC as the FMC has to be running an equal or higher software version. We are contractually obliged not to interrupt the 7125 logging except for the brief period of swap over.

The 3110 is set to directly replace the 7125. The 7125 is configured as transparent to be a bump in the wire. The 3110 cannot be controlled by the local FDM if it is set to transparent. The same is true with an inline pair.

Does anyone have any ideas on how to proceed to get IPS working on the 3110? Once they are working the FMC can be upgraded and the 3110 added.


tahscolony
Level 1

Being 5 months later, I don't know if you figured it out, but I am doing a similar thing, but instead of trying to control the 2 devices with one FMC, I spun up a second FMC with the correct versions by cloning and upgrading the FMC so the policies carry over and running the 3120 alongside the 7125. I have an issue where I can't seem to get the zones attached to the inline. Running the 3120 in transparent Multi-instance mode, since eventually the ASA has to be replaced next year as well. I get errors with the policy when trying to manage it, and the zone used on the 7125 will not show the inline pair on the 3120.
