Re: FTD 1010 Traffic Shaping - minus FMC

Michael Keetman · ‎10-29-2020

I'm struggling to find information on how to apply a service-policy to an Internet connected interface on an FTD1010. Cisco docs indicate this is possible by setting up a QoS policy within an FMC, however I don't have access to one to do this.

I've scanned through the API and found nothing & have tried applying flex-config using ASA commands. Unfortunately this has been unsuccessful.

Does anyone else have any experience trying to get a shaping policy on an FTD without an FMC?

Aref Alsouqi · ‎10-30-2020

I don't think that is supported on FDM UI, however, I believe you can configure that through FlexConfig since the interested commands do not seem to be included in the FlexConfig blacklisted commands list.

Michael Keetman · ‎11-01-2020

Thanks Aref,

I thought the same, but haven't had any luck in that regard. Perhaps it is invalid config i'm trying to apply?

policy-map qosOutsidePolicy
class class-default
shape average 49000000
exit
service-policy qosOutsidePolicy interface outside

I have tried with and without the exit statement, indentation etc...

Aref Alsouqi · ‎11-04-2020

When you tried that, did you get any error? the bug link you shared might be to add that feature in the FDM UI, but it might be already supported through FlexConfig.

Michael Keetman · ‎11-04-2020

Yes, the above flexconfig object fails when deployed as part of a policy. It highlights a letter within the "shape" part of the statement as causing the template error.

Aref Alsouqi · ‎11-05-2020

Interesting, I will try to test on a 6.6.1 Firepower 1010 I have in the next coming few days and I will let you know if it works on the 6.6.1.

Michael Keetman · ‎11-01-2020

My colleague reached out to TAC for some assistance - apparently this isn't possible

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc33785