01-09-2018 04:04 AM
Hi team,
Is it possible to create network objects using FQDN in FTD? Based on this statement I don't think it's possible: "In ASA, a network object can contain a host, a network IP address, a range of IP addresses, or a fully qualified domain name (FQDN). In the Firepower System, network objects support these same values with the exception of FQDN." https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_conversion_mapping.html
Is this on the roadmap, or will it be considered for implementation on FTD in the future? For customers moving from ASA to FTD who need to create FQDN-based rules, is there a design alternative? An API or any workarounds?
Regards,
.:|:.:|:. Flavio Costa
CISCO Virtual Systems Engineer - Security
Sao Paulo, Brazil
01-09-2018 05:09 AM
Hi There,
Currently FQDN objects are not supported. There is an enhancement already raised for the issue, but no ETA yet.
Here is the bug no.
CSCuv93558
Thanks,
Yogesh
01-09-2018 06:32 AM
Thanks for the reply! So, currently there are no other ways to achieve the same goal?
01-09-2018 07:10 AM
Hi, you can use the URL tab in ACP. But you will need a license.
Regards.
04-17-2018 11:33 PM
Hi,
Is there any documentation that explains how the FQDN workflow works in FTD, since in ASA we can use an FQDN in an ACL as the destination but in FTD we can configure it as a URL?
04-19-2018 09:25 AM
I think I saw something at Cisco Live like the below:
Receive Packet -> Ingress Interface -> acl permit -> Match XLATE -> Policy Inspection -> NAT IP -> Egress Interface -> L3 Route -> L2 Address -> Transmit Packet
Also check BRKSEC-2028 on Cisco Live.
11-22-2018 12:22 PM
One solution would be to replace the FQDNs by an app on the FMC.
Check the video below: