hoffa2000
Participant

FTD management over Internet

Greetings

I have a scenario where my FTDs are only reachable for management by the FMC over the Internet. The FTDs are running HA, so data interface access isn't an option. I assume data in transit is properly encrypted, but how do I secure access to the FTD management interface? I have yet to find an ACL option for the actual management interface. I'm thinking about using black-hole routing, but it seems kind of cheap.

Regards

Fredrik

6 REPLIES
balaji.bandi
VIP Guru

I would put management in a different VLAN and do NAT on the Internet router with a public-to-private IP mapping. If you know the FMC public IP, then I would restrict with an ACL to allow only the FMC IP to contact the FTD.

That is, if you do not have the option to deploy a LAN and your only option is to communicate from the external Internet.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi

Thank you for the answer. As I don't have any control over our Internet router, I'd like to look into the ACL option. How is that done?

/Fredrik

If the Internet router does not do NAT, then how will an external connection establish to the FTD? That fails, since management is an RFC1918 address (that was my impression). Or do you have a public IP configured on management?

BB


Ah, I might have forgotten that piece of information. My management interfaces have public IPs.

I found the CLI settings ssh-access-list and https-access-list, which seem to do the trick for SSH access, but what about SNMP?

/Fredrik
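The two CLI settings named above, shown as an added configuration example that is not part of any post in this thread. It assumes the FTD CLI syntax `configure ssh-access-list` / `configure https-access-list` (comma-separated hosts or networks) and that the matching `show` commands mirror them; the FMC address is a placeholder to be replaced with the real FMC public IP. The first block is the open default, the second restricts management SSH and HTTPS to the FMC only. Note that, as the thread goes on to discuss, these lists cover only SSH and HTTPS on the management interface; SNMP is not affected by them.

```text
! Default: SSH and HTTPS on the management interface accept any source.
> configure ssh-access-list 0.0.0.0/0,::/0
> configure https-access-list 0.0.0.0/0,::/0

! Hardened: allow only the FMC public IP (placeholder) to reach SSH/HTTPS
! on the management interface. Apply the list to both HA peers, and include
! the address you administer from so the change does not lock you out.
> configure ssh-access-list <FMC_PUBLIC_IP>/32
> configure https-access-list <FMC_PUBLIC_IP>/32

! Verify the lists that are in effect (assumed to mirror the configure commands).
> show ssh-access-list
> show https-access-list
```

Verify from an address outside the list that the SSH and HTTPS ports on the management IP no longer answer, and from the FMC that the FTD registration still works, before relying on the change.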

Why do you need SNMP over public? If you intend to use it, try SNMPv3; the same ACP rule can also be applied.

BB


Hi

I don't; that's the thing. I ONLY want FMC management on my Internet-connected management interface.

/Fredrik
