01-14-2019 07:54 AM - edited 03-12-2019 04:19 AM
I've just tried to run up an instance of FTDv in a lab environment for testing prior to using it on a customer site. The setup script allows me to manually configure a management address as usual, but this doesn't seem to be applied correctly.
If I use "show network", I see the correctly configured IPv4 address on the inside (g0/1) interface (192.168.179.254 in my lab), but if I use "show IP" I see 192.168.45.1 on the same interface. Attempts to ping the gateway result in "no route to host", unless I drop into a shell, when the gateway becomes reachable.
I've tried setting the address with "configure network ipv4 manual" which makes no difference; nor does reloading or re-installing.
Wondering if anyone else has seen this behavior, & if so how it was resolved.
Command output below:
> show ip
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 outside unassigned unassigned DHCP
GigabitEthernet0/1 inside 192.168.45.1 255.255.255.0 CONFIG
Current IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 outside unassigned unassigned DHCP
GigabitEthernet0/1 inside 192.168.45.1 255.255.255.0 CONFIG
> show network
===============[ System Information ]===============
Hostname : firepower
DNS Servers : 208.67.222.222
208.67.220.220
Management port : 8305
IPv4 Default route
Gateway : 192.168.179.1
======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 0C:A2:4E:81:36:01
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.179.254
Netmask : 255.255.255.0
Broadcast : 192.168.179.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled
===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
>
01-14-2019 09:34 AM
01-14-2019 02:13 PM
If you are referring to the FMC MGMT interface, all you need is to configure one IP address for MGMT, which will be used to register FTD to FMC. I would make sure the FMC MGMT interface and the FTD MGMT interface are in the same network.
01-15-2019 02:30 AM
01-22-2019 11:14 PM
Issue: During the Image Install step of the Software Image Upgrade Process, the FMC issues a reboot to vFTD... and vFTD thereby becomes inaccessible due to the br1 mac address changing to its original value:
The vFTD is created in vSphere
1. After VM is created with vSphere Client for vFTD, it shows different mac addresses for br1 & NA-1 interfaces.
2. Only when br1 mac address is changed (from Console of VM/vFTD) to Network Adapter-1 mac address of the vFTD (shown in Virtual Machine Properties box), vFTD gets accessed from FMC.
3. Upon reboot of the vFTD, the br1 gets back to its original mac address instead of retaining the value of the changed mac address (Network Adapter-1).
4. It then becomes necessary to change the br1 mac address to Network Adapter-1 mac address of the vFTD, manually through Console, to make it accessible from FMC.
How can this problem be corrected?
01-22-2019 11:59 PM
Also, you use "ping system <IP>" vs. "ping <IP>" when initiating traffic from the FTD mgmt interface. Otherwise it will try to use the data interface (which one is according to the appliance's routing table).