09-06-2019 07:10 AM - edited 02-21-2020 09:28 AM
Hi,
We're looking at deploying FTDs at locations remote to the FMC which only have Internet access (no MPLS, etc).
I'm assuming the public IP range will need at least 2 available IPs - one for the management interface and one for the outside data interface (please correct me if I'm wrong).
It is possible to harden the FMC's own management interface by locking down the allowed source IPs that can connect via HTTPS or SSH, through the System > Configuration > Access List page.
It's also possible to harden the outside interface of an FTD via the Platform Policy > Secure Shell (and HTTP) settings.
My question is how do we harden the management interface if it's directly connected to the Internet?
And while we're on the subject, is there a recommended design for how to manage a remote FTD over the Internet?
Many thanks in advance,
Matt.
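The source-IP allowlisting the question describes (System > Configuration > Access List on the FMC, restricting who may reach HTTPS and SSH on the management interface) is easy to misconfigure by leaving an any-source entry in place. The following is an added example, not code from this thread or from Cisco: it models access-list entries loosely as the IP/netmask/port triples an operator types in, audits them for entries wider than a chosen threshold (the /24 threshold, the rule format and the sample entries are constructed assumptions), and shows whether an arbitrary Internet host would be admitted before and after the any-source entry is removed.

```python
"""Audit a management-plane access list of the kind FMC exposes under
System > Configuration > Access List (source IP, netmask, service port).

Constructed example: the rule format and the sample entries below are
illustrative, not exported from a real FMC."""
import ipaddress
from dataclasses import dataclass

# Services a management interface typically exposes: HTTPS and SSH as
# named in the thread, plus SNMP.
SERVICE_PORTS = {"https": 443, "ssh": 22, "snmp": 161}

# Constructed policy threshold (assumption): any allowed source wider
# than a /24 is reported as a finding.
MIN_PREFIXLEN = 24


@dataclass(frozen=True)
class AccessRule:
    network: ipaddress.IPv4Network
    port: int


def parse_rule(ip: str, netmask: str, port: int) -> AccessRule:
    """Build a rule from the IP / netmask / port triple an operator would enter."""
    return AccessRule(ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False), int(port))


def is_permitted(rules, source_ip: str, port: int) -> bool:
    """True if at least one rule admits this source to this management service."""
    src = ipaddress.ip_address(source_ip)
    return any(src in rule.network and rule.port == port for rule in rules)


def audit(rules):
    """Return human-readable findings for rules that expose a management service too widely."""
    findings = []
    for rule in rules:
        if rule.network.prefixlen == 0:
            findings.append(
                f"port {rule.port}: {rule.network} admits the whole Internet; "
                "replace it with the admin jump-host range"
            )
        elif rule.network.prefixlen < MIN_PREFIXLEN:
            findings.append(
                f"port {rule.port}: {rule.network} is wider than /{MIN_PREFIXLEN}; "
                "tighten it to known admin sources"
            )
    return findings


def harden(rules):
    """Drop any-source rules and keep explicit sources, mirroring the fix an admin
    would apply in the FMC access-list page."""
    return [rule for rule in rules if rule.network.prefixlen != 0]


# Constructed sample: two explicit admin sources plus a leftover any-source SNMP entry.
SAMPLE_RULES = [
    parse_rule("192.0.2.0", "255.255.255.0", SERVICE_PORTS["https"]),      # corporate admin subnet
    parse_rule("198.51.100.10", "255.255.255.255", SERVICE_PORTS["ssh"]),  # single jump host
    parse_rule("0.0.0.0", "0.0.0.0", SERVICE_PORTS["snmp"]),               # overly permissive
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
    print("Internet host reaches SNMP before:", is_permitted(SAMPLE_RULES, "203.0.113.7", 161))
    print("Internet host reaches SNMP after: ", is_permitted(harden(SAMPLE_RULES), "203.0.113.7", 161))
```

The same check applies to the FTD side (Platform Settings > Secure Shell / HTTP): export the configured sources, feed them through `audit`, and treat any any-source or very wide entry as something to close before the management interface is exposed.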
09-06-2019 08:03 AM
The hardening guide:
...covers your currently available options.
See this thread for options regarding remote office FTD deployment:
https://community.cisco.com/t5/firepower/fmc-to-remote-ftd-deployment/td-p/3217743
Cisco is working on improving this experience but it's still a work in progress.
09-06-2019 09:25 AM
Thank you Marvin.