FTD security level 0

h.dam
Level 1

Hello Guys,

I am new on the Cisco FPR 2130 device.

Some questions below after hands-on practices:

1. The default config contains inside and outside interfaces. But why do they both have security-level 0?

    Do I need to change it? How? (I didn't find security-level on the FDM GUI)

2. I would like to create a subinterface (802.1Q trunk) on the outside interface. Do I need to delete the outside interface name first?

3. Do I need to create Policy rules if I want to allow ICMP, Traceroute traffic? (as I did on ASA)

Thanks.

Accepted Solution

@h.dam 

On FTD all interfaces have a security level of 0 (you cannot change this), this has changed from the way you are used to configuring an ASA.

You don't necessarily need to delete the name, but all interface names must be unique.

You will need to configure a Service Policy in order to allow traceroute.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215237-allow-traceroute-through-firepower-threa.html
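As an added example (not part of the original thread), the FlexConfig commands the linked Cisco document uses for the traceroute service policy, followed by the diagnostic-CLI commands for checking what was actually deployed. It assumes an FTD whose manager (FMC, or FDM with FlexConfig support) can push the object; the accompanying ICMP access rule is the usual ASA-style setup and is an assumption here, not quoted from the thread.

```text
! FlexConfig object: make the FTD decrement TTL so it appears as a hop
! and returns ICMP time-exceeded (by default FTD does not decrement TTL)
policy-map global_policy
 class class-default
  set connection decrement-ttl

! Still required in the Access Control Policy (assumed, ASA-style):
! a rule allowing ICMP type 3 (unreachable) and type 11 (time-exceeded)
! from the outside zone toward the inside zone.

! Verification from the FTD diagnostic CLI after deployment:
> system support diagnostic-cli
firepower# show nameif
firepower# show running-config policy-map global_policy
firepower# show service-policy
firepower# show running-config access-list
```

`show nameif` lists every named interface with its security level, which on FTD reads 0 for all of them; `show service-policy` confirms the decrement-ttl setting is active on the global policy.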


4 Replies


So to allow traffic you must always have ACLs applied? Can't you just allow the inside zone to the outside zone, as an example?

@CiscoPurpleBelt yes you can just allow traffic from one (inside) zone to another (outside) zone.

Or you could set the default action to allow, instead of drop.

How do I verify that via FMC or CLI for FTD? I can't even see it or find the documentation covering that.
