07-05-2023 10:18 AM
The client has managed through an FMC Virtual 2 firepower 1120 and 1010 respectively, it
requires independent management of Firewall 1120 with respect to 1010, for example, user A can enter FMC 1120 but cannot see anything from 1010, he can use a single Firepower management center to manage network security and vice versa
07-05-2023 10:27 AM
@gabriel_moctezuma I've not personally tried it but you can use "domains"
The Firepower System allows you to implement multitenancy using domains. Domains segment user access to managed devices, configurations, and events. https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/domain_management.html?bookSearch=true
07-05-2023 10:30 AM
One FMCv
Two FPR
Two Admin
Each Admin controle one FPR?
That is case ?
07-05-2023 12:48 PM
Yes is the case, The idea is that Admin A can access the FMC and make changes to a specific FPR but not be able to make changes to the other FPR team within the same FMC.
07-07-2023 09:03 AM
You can achieve that by using domains on the FMC as pointed out by @Rob Ingram .
07-08-2023 06:39 AM
as @Rob Ingram mention the only way is via config two domain, one for each ADMIN
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide