
Options for FMC Management of remote FTD / Hardening the Management Port

Hi,

 

We're looking at deploying FTDs at locations remote to the FMC which only have Internet access (no MPLS, etc).

I'm assuming the public IP range will need at least 2 available IPs - one for the management interface and one for the outside data interface (please correct me if I'm wrong).

It is possible to harden the FMC's own management interface by locking down the allowed source IPs that can connect via HTTPS or SSH, through the System > Configuration > Access List page.

It's also possible to harden the outside interface of an FTD via the Platform Policy > Secure Shell (and HTTP) settings.

My question is how do we harden the management interface if it's directly connected to the Internet?

And while we're on the subject, is there a recommended design for how to manage a remote FTD over the Internet?

 

Many thanks in advance,

Matt.

Accepted Solutions

Re: Options for FMC Management of remote FTD / Hardening the Management Port

The hardening guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

...covers your currently available options.

See this thread for options regarding remote office FTD deployment:

https://community.cisco.com/t5/firepower/fmc-to-remote-ftd-deployment/td-p/3217743

Cisco is working on improving this experience but it's still a work in progress.


Re: Options for FMC Management of remote FTD / Hardening the Management Port

Thank you Marvin.