Rockyy
Beginner

Firesight Management Center

Hello,

I have an existing ASA5506-x in my network and recently I've installed FMC to manage my firewall. The problem is under NAT no security zones are appearing in FMC.

 

Cisco Adaptive Security Appliance Software Version 9.8(1)
Firepower Extensible Operating System Version 2.2(1.47)
Device Manager Version 7.8(1)

 

 

> show summary
-------------------[ firepower ]--------------------
Model : ASA5506 (72) Version 6.2.0 (Build 362)
Rules update version : 2017-09-13-001-vrt
VDB version : 297
----------------------------------------------------

------------------[ policy i ]-------------------
Access Control Policy : NUMINA DEFAULT INTERNET

--------------------[ outside ]---------------------
Physical Interface : GigabitEthernet1/1
Type : ASA
Security Zone : Untrusted
Status : Enabled
Load Balancing Mode : N/A
---------------------[ inside ]---------------------
Physical Interface : GigabitEthernet1/2
Type : ASA
Security Zone : Trusted
Status : Enabled
Load Balancing Mode : N/A
---------------------[ cplane ]---------------------
IPv4 Address : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : 70:69:5A:4F:0A:9A
IPv4 Address : 192.168.100.5
--------------------[ tun1 ]----------------------
IPv6 Address : fdcc::bd:0:ffff:a9fe:1/64
---------------------[ tunl0 ]----------------------
----------------------------------------------------

---------------[ snort version info ]---------------
Snort Version : 2.9.12 GRE (Build 136)
libpcap Version : 1.1.1
PCRE Version : 7.4 2007-09-21
ZLIB Version : 1.2.5
----------------------------------------------------

 

Attached is the screenshot.

4 REPLIES 4
michoudi
Beginner

The FMC isn't going to pull the existing security zones from the ASA. You need to create the security zones in the FMC under Objects>Object Management>Interface.
yogdhanu
Cisco Employee

Hi Rocky,

 

I assume you are using FTD software on ASA and managing it via FMC. You would need to create the zones under device>settings based on interface or define zones under Object and then map them with interfaces.

 

Hope that helps,

yogesh

Correct, I'm using FTD software on ASA and managing it via FMC. I did the basic configurations on the ASA firewall, i.e. NAT, inside, outside interfaces. I wrote an access-list to send traffic to SFR, class-map, policy, and it is sending traffic to SFR.

I have created zones via FMC under Objects -> Interfaces -> Add -> Security Zone. After that I created a new policy for NAT, saved, deployed, and came back under NAT, but no security zones are appearing there.

Please advise if I'm missing something and why it's just not showing it?

I guess I have struggled enough with it. I'm not sure what I'm doing wrong, but it's not appearing there at all.

Basically, I guess I was confused with FTD vs ASA with FirePower.

Please correct me if I'm wrong: I have an ASA 5506-X, which comes with FirePower.

When I run show module, SFR appears there, so if it's an SFR I can manage Routing, NAT, VPN through ASA, and Firepower Services Software will do AVC, URL Filtering, NGIPS, and AMP.

Is that correct?