Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2003
Views
5
Helpful
2
Replies

Options for FMC Management of remote FTD / Hardening the Management Port

Go to solution
matty-boy
Level 1
Level 1

‎09-06-2019 07:10 AM - edited ‎02-21-2020 09:28 AM

Hi,

 

We're looking at deploying FTDs at locations remote to the FMC which only have Internet access (no MPLS, etc).

I'm assuming the public IP range will need at least 2 available IPs - one for the management interface and one for the outside data interface (please correct me if I'm wrong).

It is possible to harden the FMC's own management interface by locking down the allowed source IPs that can connect via HTTPS or SSH, through the System > Configuration > Access List page.

It's also possible to harden the outside interface of an FTD via the Platform Policy > Secure Shell (and HTTP) settings.

My question is how do we harden the management interface if it's directly connected to the Internet?

And while we're on the subject, is there a recommended design for how to manage a remote FTD over the Internet?

 

Many thanks in advance,

Matt.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-06-2019 08:03 AM

The hardening guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

...covers your currently available options.

See this thread for options regarding remote office FTD deployment:

https://community.cisco.com/t5/firepower/fmc-to-remote-ftd-deployment/td-p/3217743

Cisco is working on improving this experience but it's still a work in progress.

View solution in original post

2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-06-2019 08:03 AM

The hardening guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

...covers your currently available options.

See this thread for options regarding remote office FTD deployment:

https://community.cisco.com/t5/firepower/fmc-to-remote-ftd-deployment/td-p/3217743

Cisco is working on improving this experience but it's still a work in progress.

Go to solution
matty-boy
Level 1
Level 1
In response to Marvin Rhoads

‎09-06-2019 09:25 AM

Thank you Marvin.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card