Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1239
Views
0
Helpful
4
Replies

Firesight Management Center

Rockyy
Level 1
Level 1

‎04-25-2018 01:13 PM - edited ‎02-21-2020 07:40 AM

Hello,

I have an existing ASA5506-x in my network and recently I've installed FMC to manage my firewall. The problem is under NAT no security zones are appearing in FMC.

 

Cisco Adaptive Security Appliance Software Version 9.8(1)
Firepower Extensible Operating System Version 2.2(1.47)
Device Manager Version 7.8(1)

 

 

> show summary
-------------------[ firepower ]--------------------
Model : ASA5506 (72) Version 6.2.0 (Build 362)
Rules update version : 2017-09-13-001-vrt
VDB version : 297
----------------------------------------------------

------------------[ policy i ]-------------------
Access Control Policy : NUMINA DEFAULT INTERNET

--------------------[ outside ]---------------------
Physical Interface : GigabitEthernet1/1
Type : ASA
Security Zone : Untrusted
Status : Enabled
Load Balancing Mode : N/A
---------------------[ inside ]---------------------
Physical Interface : GigabitEthernet1/2
Type : ASA
Security Zone : Trusted
Status : Enabled
Load Balancing Mode : N/A
---------------------[ cplane ]---------------------
IPv4 Address : 127.0.2.1
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : 70:69:5A:4F:0A:9A
IPv4 Address : 192.168.100.5
--------------------[ tun1 ]----------------------
IPv6 Address : fdcc::bd:0:ffff:a9fe:1/64
---------------------[ tunl0 ]----------------------
----------------------------------------------------

---------------[ snort version info ]---------------
Snort Version : 2.9.12 GRE (Build 136)
libpcap Version : 1.1.1
PCRE Version : 7.4 2007-09-21
ZLIB Version : 1.2.5
----------------------------------------------------

 

Attached is the screenshot.

Labels:
Preview file
105 KB
0 Helpful
4 Replies 4

michoudi
Level 1
Level 1

‎04-26-2018 02:58 PM

The FMC isn't going to pull the existing security zones from the ASA. You need to create the security zones in the FMC under Objects>Object Management>Interface.
0 Helpful

yogdhanu
Cisco Employee
Cisco Employee

‎04-26-2018 10:34 PM

Hi Rocky,

 

I assume you are using FTD software on ASA and managing it via FMC. You would need to create the zones under device>settings based on interface or define zones under Object and then map them with interfaces.

 

Hope that helps,

yogesh

0 Helpful

Rockyy
Level 1
Level 1
In response to yogdhanu

‎04-27-2018 06:38 PM

Correct, I'm using FTD softwareo n ASA and managing it via FMC. I did the basic configurations on ASA firewall i.e. NAT, inside, outside interfaces. Write an access-list to send traffic to SFR, class-map, policy and it is sending traffic to SFR.

I have created zones via FMC under Objects -> Interfaces -> Add -> Security Zone. After that I have created new policy for NAT save deploy and come back under NAT but no security zones are appearing over there.

Please advise if I'm missing something and why it's just not showing it?
0 Helpful

Rockyy
Level 1
Level 1
In response to Rockyy

‎04-28-2018 07:06 PM

I guess I have done enough struggle with it, I'm not sure what I'm doing is wrong but it's not appearing there at all.

Basically, I guess I was confused with FTD vs ASA with FirePower.

Please correct me if I'm wrong, I have ASA 5506-X which comes FirePower

While run show module it appears SFR there, so if it's an SFR I can manage Routing, NAT, VPN through ASA and Firepower Services Software will do - AVC, URL Filtering, NGIPS, and AMP.

Is that correct?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card