Re: Is it possible to have independent firewall management?

gabriel_moctezuma · ‎07-05-2023

The client has managed through an FMC Virtual 2 firepower 1120 and 1010 respectively, it
requires independent management of Firewall 1120 with respect to 1010, for example, user A can enter FMC 1120 but cannot see anything from 1010, he can use a single Firepower management center to manage network security and vice versa

Rob Ingram · ‎07-05-2023

@gabriel_moctezuma I've not personally tried it but you can use "domains"

The Firepower System allows you to implement multitenancy using domains. Domains segment user access to managed devices, configurations, and events. https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/domain_management.html?bookSearch=true

MHM Cisco World · ‎07-05-2023

One FMCv

Two FPR

Two Admin

Each Admin controle one FPR?

That is case ?

gabriel_moctezuma · ‎07-05-2023

Yes is the case, The idea is that Admin A can access the FMC and make changes to a specific FPR but not be able to make changes to the other FPR team within the same FMC.

Aref Alsouqi · ‎07-07-2023

You can achieve that by using domains on the FMC as pointed out by @Rob Ingram .

MHM Cisco World · ‎07-08-2023

as @Rob Ingram mention the only way is via config two domain, one for each ADMIN