Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6799
Views
0
Helpful
4
Replies

FP4110 FTD Firepower HTTPS Web GUI

jake_han87
Level 1
Level 1

‎10-26-2017 10:52 AM - edited ‎02-21-2020 06:35 AM

Hi Cisco Support Community,

 

I would like to know was it possible to enable HTTPS Web Service on the Firepower 4110 FTD Firepower module? I'm used to the previous Firepower 7000/8000 series whereby we can login to the HTTPS Web GUI to monitor for the interface statistics, with some CPU and memory utilization.

 

Thank you.

Labels:
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎10-27-2017 05:15 AM

Hello @jake_han87

 

Take a look here:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200701-Configuration-of-Management-access-to-FT.html#anc12

 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

jake_han87
Level 1
Level 1
In response to Flavio Miranda

‎10-28-2017 09:17 AM

Hi @Flavio Miranda , I followed this article before but no success.

 

However, today when I look again Device Management, I found the "diagnostic" interface wasn't assigned with IP Address. This is strange as I have configured that inside the Firepower Chassis Manager, and without that IP Address how could the FMC successfully managing it? After inserting the same Firepower management IP Address for that diagnostic interface, I'm able to telnet port 443 from neighbor Firepower device. Currently I couldn't go into the Web GUI, could be restriction of my customer's VPN network access rule.

 

On next Monday I will access to the physical Firepower 4110 again to verify if able to login to the Web GUI.

 

Hi @Marvin Rhoads , yes I understand we can't apply policy and making changes on the Firepower 4110 Web GUI. What I looking is the interface statistics chart, which is useful when we are determining currently active interface for 2 standalone Firepower on multiple Active-Standby Firewall network. I hope this interface stats was available.

 

Thank you all.

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to jake_han87

‎10-28-2017 03:37 PM

The Firepower chassis manager and FMC should both show which interfaces are active. Why not use that?

The diagnostic interface will always have no ip address by default after you deploy the FTD from the chassis manager. Diagnostic interface for FMC = FTD logical device management port. You can assign it an ip address on FMC, but I don't think it will serve the purpose you are looking for. Plus as seen in the document, Cisco recommends not configuring an ip address for it. 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-27-2017 05:49 AM

While you can enable the https service, that is only to be able to do things like securely copy a file from the appliance. (Not to be confused with the Firepower Chassis Manager for management of the overall hardware appliance.)

 

There is not a built-in web UI for FTD on the 4100 series like the legacy 3D series has. The Firepower 2100 series, FTDv and FTD on ASA  can all be locally managed with the Firepower Device Manager web UI - but that is only if you are not using FMC.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card