firepower 1000 series startup issue

kapydan88 · ‎03-15-2020

Hello for everybody.

We are trying to install firepower 1120. Current problem is that we cant to connect device through static outside ip to internet and activate id token. Is there any additional steps for assigning a static external ip address instead of dhcp?

If i understood correctly, we need just change dhcp to static tab and specify the gateway. We dont need to create any acses lists and apply them to interfaces.

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-get-started.html#id_10209

Marvin Rhoads · ‎03-15-2020

I'm assuming you are managing your device which is running FTD image with Firepower Device Manager. In such a setup, it is the FTD appliance's management interface that needs to communicate with the Cisco portal. So it needs a gateway (which could be your inside interface) and, if it is using FTD itself for Internet access, you will need generally a basic NAT rule for outbound traffic.

kapydan88 · ‎03-15-2020

Yes, we manage this fp1120 through firepower device managemet (https://192.168.1.1). We connect two cables like in this picture:

e1/1 - public static ip - outside interfcae

e1/2 - internal ip (dhcp from 192.168.1.0/24 pool, in our case 192.168.1.5) - inside interface

If i understood correctly, in this particular case, firepower "think", that its default gateway is inside with 192.168.1.1 address. And we need to create nat rule for 192.168.1.0/24 network to connect to an external cisco portal?