Firepower 4110 and DNS

DentsplyIHAB · ‎08-24-2016

Trying to troubleshoot why url filtering isn't working for our new FP 4110 boxes. One theory of mine is that the FTD can't perform a DNS lookup, supported by the fact I can't ping or traceroute hostnames from the FTD cli. But I can't for the life of my find anywhere either in cli nor in FMC where I can specify DNS servers for the FTD so I'm assuming I'm still too much in the ASA world and this is either not how it's done anymore or it gets that setting from somewhere else. Anyone that can shed some light on this?

Marvin Rhoads · ‎08-24-2016

Setup of DNS server(s) for an appliance with FTD image is done as part of the initial setup:

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/ftd-4100-qsg.html#pgfId-166160

You can check it from the FTD cli with "show dns".

DentsplyIHAB · ‎08-24-2016

Thanks for your reply. So it uses whatever DNS was configured on the chassis pre-deployment of the FTD? I just get "INFO: no activated FQDN" so by the looks of it it hasn't picked that up. Any way of changing that post-deployment?

AurangzebK · ‎01-05-2018

There are two different systems to resolve DNS on FTD. Configuration of both is done separately.

1: DNS for System (this is configured during initial setup and used for management plane)

2: DNS for Cli (this is configured via Flexconfig) < ----- you need to configure this