09-16-2019 04:38 AM - edited 02-21-2020 09:29 AM
I am replacing my SonicWall with FMC (6.3.0.3)/FTD 2110s (6.2.3.13), and I am trying to configure a "transparent mode" interface.
I am in Routed mode; 1/1 is my WAN (192.1.1.1/24). I'd like interface 1/8 to be in transparent mode as a DMZ, so I don't have to worry about NAT'ing the devices, but it still gives me all the protections given to any DMZ/LAN segment.
Please point me in the right direction and terminology so I can get my new FWs configured.
TIA -
09-16-2019 06:37 AM
Looks like Cisco may call this "Identity NAT" - does that sound right?
Anyone have examples/videos?
09-17-2019 09:35 AM
Ended up being a bug in the FMC code (6.3.0.3).
When objects do not show up in the dropdowns or in the object search, you need to clear the cache on the FMC.
Access CLI of the FMC
> expert mode
root@FMC:~# sudo su -
# Clear the cache folder
root@FMC:~# rm -r /var/opt/CSCOpx/MDC/search/
# Restart the service
root@FMC:~# pmtool restartbyid DCCSM
“Wait for cache to rebuild and services to start”
pmtool status | grep -i gui
mysqld (system,gui,mysql) - Running 5041
httpsd (system,gui) - Running 28239
sybase_arbiter (system,gui) - Waiting
vmsDbEngine (system,gui) - Running 5047
ESS (system,gui) - Running 5086
DCCSM (system,gui) - Running 17994
Tomcat (system,gui) - Running 17995
VmsBackendServer (system,gui) - Running 17996
mojo_server (system,gui) - Running 28252
root@FMC:~#
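The wait-and-check step in the post above can be scripted. This is an added example, not part of the original post and not Cisco code: the function names are hypothetical, and the line format (`name (tags) - State [PID]`) is assumed from the `pmtool status` output quoted in the post.

```shell
# Added example: parse `pmtool status | grep -i gui` output.
# Assumed line format (from the post): name (tag,tag,...) - State [PID]

# Print the state of one service from status text on stdin; empty if absent.
service_state() {
    awk -v svc="$1" '$1 == svc { for (i = 2; i <= NF; i++) if ($i == "-") { print $(i+1); exit } }'
}

# Print the names of services (status text on stdin) that are not "Running".
not_running() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "-" && $(i+1) != "Running") print $1 }'
}

# Return 0 only if every named service is "Running" in the given status text.
# A service missing from the text counts as not ready.
services_ready() {
    status_text="$1"; shift
    for svc in "$@"; do
        state=$(printf '%s\n' "$status_text" | service_state "$svc")
        [ "$state" = "Running" ] || return 1
    done
    return 0
}

# Sample input: the status lines quoted in the post, embedded so this runs offline.
SAMPLE_STATUS='mysqld (system,gui,mysql) - Running 5041
httpsd (system,gui) - Running 28239
sybase_arbiter (system,gui) - Waiting
vmsDbEngine (system,gui) - Running 5047
ESS (system,gui) - Running 5086
DCCSM (system,gui) - Running 17994
Tomcat (system,gui) - Running 17995
VmsBackendServer (system,gui) - Running 17996
mojo_server (system,gui) - Running 28252'

# On the FMC itself, as root, poll until the restarted service is back
# (the 10-second interval is an arbitrary choice):
#   until services_ready "$(pmtool status | grep -i gui)" DCCSM; do sleep 10; done
```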
09-17-2019 10:50 AM
Why aren't the FTDs on 6.3.0.3 or 6.4.0.4 code? Why still 6.2.3? You lose some functionality that 6.3 and even more so 6.4 provides... just wondering why you didn't update first?