cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
277
Views
0
Helpful
3
Replies

FMC configure FTD users

zeljkosan
Level 1
Level 1

Hello team,

so far I have been asking here for help before TAC, and it was always helpful, or I get perfect hint.

This time, I have problem with 2 FTD managed by FMC.

Situation is next.

We have installed FMC at client place  (version 7.0.1 , yes I know it is old, I will upgrade it, but client is now in full season, so after season ends, will be accomplished). It is managing 4 devices:

- 2x ASA SFR modules (already had problems with them, luckily I solved it) - this time it is not topic - and version is to old to mention.

- 2x Firepower 4112 with FTD - version 6.6.5

 

I can connect with ''admin'' user ( Authentication Internal ) to : FMC and ASA SFR modules , but this is not working for FTD 4112. I have tried to create new user (System/Create User) - give that user identical properties as ''admin'' user, but I can not login in to FTD 4112 CLI.

I have opinion that I am constantly skipping one step, cause, when I create new ''admin'' internal Authentication method user, I can not connect with it on FMC or ASA SFR modules. Which part I am missing, is there need for some Access Policy to be done for another local admin user.

I can post pictures if you need for better explanation, just tell me which?

 

 

1 Accepted Solution

Accepted Solutions

Yes, and then the RADIUS server you configure there needs to be specified under platform settings > External Authentication

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

3 Replies 3

The users you create in the FMC System > Users area are separate from the one you log into the FTD CLI with.  You need to setup CLI authentication access through platform settings, and if I remember correctly you need to use a RADIUS server for this also.

In addition to this, depending on which interface you will be accessing the CLI on you might need to enable SSH access on that interface (also through platform settings).

--
Please remember to select a correct answer and rate helpful posts

zeljkosan
Level 1
Level 1

Hello Marius, thanks for tip.

OK, that should not be problem, cause we have RADIUS server. So when I want to edit , jump to FMC GUI System/Users/External Authentication, I suppose I need to edit this part (already tried with my username in ''CLI Access Filter'' window, saved/apply/deploy but I can not still connect to CLI on ASA SFR )

 

Yes, and then the RADIUS server you configure there needs to be specified under platform settings > External Authentication

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card