Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1067
Views
0
Helpful
2
Replies

FTDv/NGFWv in AWS BVI issue

Go to solution
scott.owen@zii.aero
Level 1
Level 1

‎03-21-2019 03:28 PM - edited ‎02-21-2020 08:58 AM

Hi,

 

I've deployed an FTDv/NGFWv in an AWS VPC, changed the firewall mode to transparent, and registered it to an FMCv.  I've attached two additional network interfaces to the FTDv in the same subnet "192.168.1.0/24".  Now when I try to create a BVI interface and enter 192.168.1.0/24 into the IPv4 configuration I get an error "Invalid value of IPv4 address or subnet or network overlap".  No matter what network range I try to put in 192.168.1.0/32 or 192.168.0.0/24 (the management interface network) I get the same error and cannot create the BVI interface.

 

Note: Per instructional videos I have disabled AWS's Source and Destination check on the attached network interfaces and the EC2 instnaces of FTDv and FMCv.

 

Here's the current IPv4 network config and interface statistics.

 

show network
===============[ System Information ]===============
Hostname : mgt-rts-ftdv1
DNS Servers : 8.8.8.8
8.8.4.4
Management port : 8305
IPv4 Default route
Gateway : 192.168.0.1

======================[ eth0 ]======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 0E:D4:6A:88:83:DE
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.0.12
Netmask : 255.255.255.0
Broadcast : 192.168.0.255
----------------------[ IPv6 ]----------------------
Configuration : Disabled

===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled

 

> show interface
Interface GigabitEthernet0/0 "", is administratively down, line protocol is up
Hardware is ixgbevf, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0ee7.7b8d.7c4a, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Interface GigabitEthernet0/1 "", is administratively down, line protocol is up
Hardware is ixgbevf, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0e02.3d4e.d6fa, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Interface Management0/0 "diagnostic", is up, line protocol is up
Hardware is en_vtun rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
MAC address 0eb1.f241.99e4, MTU 1500
IP address unassigned
211 packets input, 12216 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (0/0)
output queue (blocks free curr/low): hardware (0/0)
Traffic Statistics for "diagnostic":
211 packets input, 9262 bytes
0 packets output, 0 bytes
16 packets dropped
1 minute input rate 0 pkts/sec, 2 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 2 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets

 

Best regards,

Scott Owen

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
scott.owen@zii.aero
Level 1
Level 1

‎03-22-2019 02:39 PM

I found out from our vendor that FTDv/NGFWv in transparent mode is not supported in AWS.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
scott.owen@zii.aero
Level 1
Level 1

‎03-22-2019 02:39 PM

I found out from our vendor that FTDv/NGFWv in transparent mode is not supported in AWS.

0 Helpful

Go to solution
WilliamJacobson
Level 1
Level 1

‎03-24-2019 05:10 AM

Thank you Scot!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card