Firepower 1010 Stateful Firewall

I recently purchased 3 of the new Firepower 1010. I am setting the devices up using the on-box management, Firepower Device Manager (FDM), to configure the firewalls. I currently don't have enough FMC licenses to connect the firewalls to FMC at this time. With a Cisco ASA I would simply be able to set security levels on each interface to create a stateful firewall. I would like to accomplish the same thing on the Firepower 1010. Does the Firepower 1010 have a feature that would allow me to configure a stateful firewall using FDM? Honestly, FDM seems pretty bare bones and I'm not super impressed with it...


Any help is appreciated! 

Accepted Solution

If you are using Zones like you describe then your ACP rule entry would be based on Zones via Zones tab.
From Inside Zone to Outside Zone "Allow".
It is stateful and return traffic will be allowed back.
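To make the accepted answer concrete, here is an added example (not code from the thread, Cisco, or FTD itself) that models the difference between a stateless ACL and the stateful, zone-based behaviour described above. The two interfaces, the zone bindings, the static routes and the traffic samples are constructed for illustration; the single rule is the "Inside Zone to Outside Zone: Allow" entry from the answer. The point it shows is why no reverse outside-to-inside rule is needed: the reply matches the connection table, while an unsolicited inbound packet still falls to the default deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed topology (assumption, not from the thread): two interfaces,
# each bound to one security zone, as in FDM's Zones tab.
ZONE_OF_INTERFACE = {"GigabitEthernet1/1": "inside", "GigabitEthernet1/2": "outside"}

# Constructed static routes: the egress interface decides the destination zone.
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "GigabitEthernet1/1"),
    (ipaddress.ip_network("0.0.0.0/0"), "GigabitEthernet1/2"),
]

# The one zone-based access control rule from the accepted answer.
ACCESS_RULES = [{"src_zone": "inside", "dst_zone": "outside", "action": "allow"}]


@dataclass(frozen=True)
class Packet:
    ingress_if: str
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


FlowKey = Tuple[str, str, int, str, int]


def egress_interface(dst_ip: str) -> str:
    """Longest-prefix match over ROUTES (the default route always matches)."""
    addr = ipaddress.ip_address(dst_ip)
    best = max((net for net, _ in ROUTES if addr in net), key=lambda n: n.prefixlen)
    return dict(ROUTES)[best]


def zones_for(p: Packet) -> Tuple[str, str]:
    """Source zone from the ingress interface, destination zone from the route lookup."""
    return ZONE_OF_INTERFACE[p.ingress_if], ZONE_OF_INTERFACE[egress_interface(p.dst_ip)]


def rule_lookup(src_zone: str, dst_zone: str) -> str:
    """First matching zone pair wins; anything unmatched hits the implicit default deny."""
    for rule in ACCESS_RULES:
        if rule["src_zone"] == src_zone and rule["dst_zone"] == dst_zone:
            return rule["action"]
    return "deny"


class StatelessAcl:
    """Every packet, replies included, must match a rule on its own."""

    def process(self, p: Packet) -> str:
        return rule_lookup(*zones_for(p))


class StatefulFirewall:
    """Rules are consulted once per connection; later packets match the connection table."""

    def __init__(self) -> None:
        self.conn_table: Set[FlowKey] = set()

    @staticmethod
    def _key(p: Packet) -> FlowKey:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_key(p: Packet) -> FlowKey:
        # A reply carries the originator's 5-tuple with source and destination swapped.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def process(self, p: Packet) -> str:
        if self._key(p) in self.conn_table or self._reverse_key(p) in self.conn_table:
            return "allow-existing"
        verdict = rule_lookup(*zones_for(p))
        if verdict == "allow":
            self.conn_table.add(self._key(p))  # remember the originating flow
        return verdict


def demo() -> Dict[str, Tuple[str, str]]:
    """Returns (stateless verdict, stateful verdict) for three constructed packets."""
    outbound = Packet("GigabitEthernet1/1", "tcp", "10.1.1.10", 51000, "198.51.100.5", 443)
    reply = Packet("GigabitEthernet1/2", "tcp", "198.51.100.5", 443, "10.1.1.10", 51000)
    unsolicited = Packet("GigabitEthernet1/2", "tcp", "203.0.113.9", 40000, "10.1.1.10", 22)
    acl, fw = StatelessAcl(), StatefulFirewall()
    samples = [("outbound", outbound), ("reply", reply), ("unsolicited", unsolicited)]
    return {name: (acl.process(p), fw.process(p)) for name, p in samples}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:12s} stateless={verdicts[0]:6s} stateful={verdicts[1]}")
```

Running it shows the outbound connection allowed by both models, the reply denied by the stateless ACL but passed by the connection table, and the unsolicited inbound SSH attempt denied by both. On the appliance itself the equivalent evidence is the connection entry created for the outbound flow, which is what lets the return traffic through without an outside-to-inside rule.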


5 Replies

So if I create an inside and an outside security zone and apply them to the appropriate interfaces, all I should need to do is create an Access Control rule to allow inside to outside, and the 1010 should perform state tracking?


I factory reset the device and it looks like that is all it did by default. 


hi,

there are already default NAT and access control rules configured in FTD for initial traffic to flow.

you'll also need to further tweak the device via FDM.

see helpful link:

http://ccnpsecuritywannabe.blogspot.com/2019/09/configuring-ftd-623-via-firepower.html

In this case there is no NAT being used. This Firewall terminates isolated PVLANs and there is no NAT.

I realized that I actually have a misconfiguration on the downstream switch that was the issue. The stateful firewall was working as it was supposed to after I resolved the downstream issue. I had the switchport set up to be a trunk with a list of allowed VLANs; evidently I forgot the switchport mode trunk command... I appreciate all of the help however!