FTDv management access

KevinR99
Level 1

Hi

Do you ever come across a product you really don't like from the off? FTD is it for me. For years we do "show ip int brief". Whoever is in charge of FTD decides it's "show interface ip brief".

Anyway, I have deployed a FTDv in an ESXi environment and after the initial setup I changed the default 192.168.45.45/24 address to one in my management network. Now, I can ping the new address from outside VMware and the MAC address in the ARP entry matches my FTDv MAC address. So I know I'm not seeing a duplicate IP problem. However, try as I might I cannot ping the management gateway from the FTDv CLI. Then when I try to register the FTDv with a FMCv it fails to do so.

I followed the deployment guide which says the Management0/0 port is the first network adapter and my first network adapter is connected to a port group that connects to my management network. In fact I connected all my 4 network interfaces to the management network port group in case the management interface connected to another network interface.

When I go to the FTDv CLI and type "show interfaces ip brief" I don't see the new IP address applied to the Management 0/0 interface.  I only see a 127.0.1.1 address on Internal-Control0/0 and 169.254.1.1 on Internal-Data0/2.

I then tried to manually re-apply the address with the "configure network ipv4 manual" command with no success. Then I tried the same but with a DHCP address to see if it would grab an address. Still the same, no IP address.

No doubt I am doing something fundamentally wrong but when it's so difficult to get a basic thing done intuitively then I think Cisco have a problem.  I don't know anyone who has said they like FTD but I need to try to get my head round it.

Thanks for any input, Kev. 

Accepted Solutions

@KevinR99, to check the configuration of the management interface use "show network".

To ping from the management interface use "ping system <ip address>", as opposed to pinging from a data interface, where you'd use "ping <ip address>".

balaji.bandi
Hall of Fame
For years we do "show ip int brief"  Whoever is in charge of FTD decides it's "show interface ip brief"

This has been there for ages from ASA (agree, if you come from the switch world, the CLI changed - but this is what it is now) and the Cisco BU knows this.

I then tried to manually re-apply the address with "configure network ipv4 manual" command with no success. 

Once you add this config, do you get a success message?

When you deploy FTDv, have you allocated interfaces as mentioned in the document:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/ftdv/ftdv-vmware-gsg/ftdv-vmware-deploy.html

BB

KevinR99
Level 1

Thank you Rob. 

That's it.  ping system to ping from the management interface and just plain old ping from the FTD interfaces. 

Not my favourite CLI but I'm sure I'll get there.  Much like when I work on NX-OS and IOS I always get commands mixed up.

Kev.
