ā08-19-2024 02:25 AM
Hello team,
so far I have been asking here for help before TAC, and it was always helpful, or I get perfect hint.
This time, I have problem with 2 FTD managed by FMC.
Situation is next.
We have installed FMC at client place (version 7.0.1 , yes I know it is old, I will upgrade it, but client is now in full season, so after season ends, will be accomplished). It is managing 4 devices:
- 2x ASA SFR modules (already had problems with them, luckily I solved it) - this time it is not topic - and version is to old to mention.
- 2x Firepower 4112 with FTD - version 6.6.5
I can connect with ''admin'' user ( Authentication Internal ) to : FMC and ASA SFR modules , but this is not working for FTD 4112. I have tried to create new user (System/Create User) - give that user identical properties as ''admin'' user, but I can not login in to FTD 4112 CLI.
I have opinion that I am constantly skipping one step, cause, when I create new ''admin'' internal Authentication method user, I can not connect with it on FMC or ASA SFR modules. Which part I am missing, is there need for some Access Policy to be done for another local admin user.
I can post pictures if you need for better explanation, just tell me which?
Solved! Go to Solution.
ā08-19-2024 04:43 AM
Yes, and then the RADIUS server you configure there needs to be specified under platform settings > External Authentication
ā08-19-2024 02:42 AM
The users you create in the FMC System > Users area are separate from the one you log into the FTD CLI with. You need to setup CLI authentication access through platform settings, and if I remember correctly you need to use a RADIUS server for this also.
In addition to this, depending on which interface you will be accessing the CLI on you might need to enable SSH access on that interface (also through platform settings).
ā08-19-2024 03:47 AM
Hello Marius, thanks for tip.
OK, that should not be problem, cause we have RADIUS server. So when I want to edit , jump to FMC GUI System/Users/External Authentication, I suppose I need to edit this part (already tried with my username in ''CLI Access Filter'' window, saved/apply/deploy but I can not still connect to CLI on ASA SFR )
ā08-19-2024 04:43 AM
Yes, and then the RADIUS server you configure there needs to be specified under platform settings > External Authentication
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide