FTD (2110) routed mode with single interface in transparent mode

newbieftd
Level 1

I am replacing my SonicWall with FMC (6.3.0.3)/FTD 2110s (6.2.3.13), and I am trying to configure a "transparent mode" interface.

I am in Routed mode and 1/1 is my WAN (192.1.1.1/24). I'd like interface 1/8 to be a transparent mode DMZ, so I don't have to worry about NAT'ing the devices, but that still gives me all the protections given to any DMZ/LAN segment.

 

Please point me in the right direction and terminology so I can get my new FWs configured.

 

TIA -

2 Accepted Solutions

newbieftd
Level 1

Looks like Cisco may call this "Identity NAT" - does that sound right?

Anyone have examples/videos?

Ended up being a bug in the FMC code (6.3.0.3).

When objects do not show up in the dropdowns or in the object search, you need to clear the cache on the FMC.

Access CLI of the FMC

> expert mode

root@FMC:~# sudo su -

#  Clear the cache folder

root@FMC:~# rm -r /var/opt/CSCOpx/MDC/search/

# Restart the service

root@FMC:~# pmtool restartbyid DCCSM

“Wait for cache to rebuild and services to start”

pmtool status | grep -i gui

mysqld (system,gui,mysql) - Running 5041

httpsd (system,gui) - Running 28239

sybase_arbiter (system,gui) - Waiting

vmsDbEngine (system,gui) - Running 5047

ESS (system,gui) - Running 5086

DCCSM (system,gui) - Running 17994

Tomcat (system,gui) - Running 17995

VmsBackendServer (system,gui) - Running 17996

mojo_server (system,gui) - Running 28252

root@FMC:~#

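The "wait for services to start" step above can be scripted by parsing the `pmtool status` output. This is an added example, not part of the original post or Cisco's tooling: the function names are hypothetical, and the list of services allowed to stay non-Running is an assumption based on the post's output, where sybase_arbiter shows Waiting.

```shell
#!/bin/sh
# Added example: parse `pmtool status` text and list gui-group services that
# are not in the Running state. Function names are hypothetical.

# gui_not_running: reads status text on stdin, prints "name state" for each
# line whose group list contains "gui" and whose state is not "Running".
# $1 (optional): space-separated service names allowed to be non-Running.
gui_not_running() {
    awk -v allow=" ${1:-} " '
        # Expected line shape (from the post): name (g1,g2,...) - State [pid]
        match($0, /\([^)]*\)/) {
            groups = "," substr($0, RSTART + 1, RLENGTH - 2) ","
            if (index(groups, ",gui,") == 0) next
            name = $1
            rest = substr($0, RSTART + RLENGTH)
            sub(/^[ \t]*-[ \t]*/, "", rest)
            split(rest, f, /[ \t]+/)
            state = f[1]
            if (state != "Running" && index(allow, " " name " ") == 0)
                print name, state
        }'
}

# Status lines in the format shown in the post; the DCCSM line is constructed
# (set to Waiting) to show a service that has not come back yet.
SAMPLE_STATUS='mysqld (system,gui,mysql) - Running 5041
httpsd (system,gui) - Running 28239
sybase_arbiter (system,gui) - Waiting
vmsDbEngine (system,gui) - Running 5047
DCCSM (system,gui) - Waiting
Tomcat (system,gui) - Running 17995'

# wait_for_gui: poll until every gui service is Running or explicitly allowed.
# $1 = command that prints the status, $2 = max tries, $3 = allowed names.
wait_for_gui() {
    tries=0
    while [ "$tries" -lt "$2" ]; do
        pending=$($1 | gui_not_running "$3")
        [ -z "$pending" ] && return 0
        tries=$((tries + 1))
        sleep "${POLL_SECONDS:-10}"
    done
    printf '%s\n' "$pending" >&2   # report what is still not Running
    return 1
}
```

After the restart step this would be called as `wait_for_gui "pmtool status" 30 sybase_arbiter`, which returns non-zero and prints the stragglers if the services have not recovered within the tries allowed.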
3 Replies

toddlammle
Level 1

Why aren't the FTDs on 6.3.0.3 or 6.4.0.4 code? Why still 6.2.3? You lose some functionality that 6.3 and even more so 6.4 provides... Just wondering why you didn't update first?
