Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18448
Views
25
Helpful
16
Replies

Help Setting or Troubleshooting the Default Gateway on FTD

Go to solution
Lucas Phelps
Level 5
Level 5

‎02-26-2018 03:43 PM - edited ‎02-21-2020 07:27 AM

I've got 20+ Cisco 5506s deployed with the FirePower Threat Defense (FTD) 6.2.2.1 code.   They are all managed by a single FMC server.  When I go into Devices > Device Management, several show up as green/online, but I'm not able to ping them from my FMC.

 

 

On a few of my remote FTD boxes, they don't seem to have a default gateway defined in the config and I don't know how to set one on them.  I'm not able to ping a few of them from my FMC, so I'm not sure why they are reporting as online.  

 

Any thoughts on how to fix the default gateway/routing issue on these boxes?  I can access these boxes fine if I try to SSH from a PC on their local subnet, so that's why I think its got to be a GW issue.

 

1 person had this problem
Labels:
0 Helpful
16 Replies 16

Go to solution
localnetwork
Level 1
Level 1
In response to Lucas Phelps

‎08-28-2018 05:39 AM

Thank you kindly for your help, I had the same issue and steps outlined resolved it. Make sure to use :w to write in vi and :q to quit in order not to create multiple instances in vi editor. Cheers

Go to solution
BadPigeon
Level 1
Level 1
In response to localnetwork

‎02-06-2019 03:10 AM

Been reading this thread with great interest, many thanks chaps. However can not help feeling not disappointed as one would expect to be able to run a simple cli command to set the default gateway (or gateway of last resort) to any last hop or interface like we used to be able to do. E.g. ip route 0.0.0.0 0.0.0.0 10.140.40.1 (on standard routed IOS L3 switch/router). Is it possible to set the similar up on FTD?

 

I use inside interface as management & data interface but the default gateway on some of the firewalls may not be this interface but another legacy lab/project facing segregated interface where we may not be able to define all the subnets in which case setting int of our choice as default gateway next hop works nicely. Cisco ASA OS allows us to do this with no issues but now that I have to upgrade to FTD without being able to replicate ASA default gateway we could cause outages if we cant replicate routes like for like.

 

See below: My management interface IP and DG was set just to complete the initial setup. After that we manage the box via inside int IP. Despite having mgmt int default gateway set "> show network" command "> show static route says" Gateway of last resort is not set

 

Is it possible to set the "Gateway of last resort" on FTD? Many Thanks

 

> show route static

Gateway of last resort is not set

 

> show network
===============[ System Information ]===============
Hostname                  : XXX-LAB-2110-FW02
DNS Servers               : x.x.x.x
                            x.x.x.x
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.0.0.100

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card