11-24-2020 12:02 AM
Hello Community,
On an FPR-1010 device (version FTD 6.6.1) managed by FDM, I want to do a simple static load distribution using policy-based routing.
On CISCO ASA it is easy like this example:
interface Vlan1
 nameif inside
 policy-route route-map ROUTEMAP-INET2-OUT
object-group service g-TCP-PORTS-INET2 tcp
 port-object eq www
 port-object eq https
access-list ROUTEMAP-ACL-INET2-OUT extended permit tcp any any object-group g-TCP-PORTS-INET2
access-list ROUTEMAP-ACL-INET2-OUT extended permit <WHATEVER-YOU-WANT-TO-SEND-VIA-INET2>
route-map ROUTEMAP-INET2-OUT permit 10
 match ip address ROUTEMAP-ACL-INET2-OUT
 set ip next-hop <IP-ADDRESS-OF-INET2-GATEWAY>
To implement this on an FPR-1010 I have to use Smart CLI, as explained in https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-route-maps.html
But I'm unable to configure the next-hop (last line of the code above)! As I saw, the manual is only related to BGP routing.
Any ideas to implement it without an FMC appliance?
Thanks for all input.
11-24-2020 01:32 AM
04-22-2021 06:27 AM
Hello,
The FlexConfig object doesn't give the possibility to use the route-map command; it says "Blacklisted cli error".
Is there any other way to resolve this with FTD 6.6.1?
07-02-2021 05:54 AM
How did you solve the problem?
10-04-2021 10:23 AM
You can define a route-map with "API Explorer" from FDM.
10-04-2021 10:09 AM - edited 10-04-2021 10:20 AM
"set ip next-hop" can be configured by using Smart CLI, as in the screenshot below.
I found that anything you can do in FMC, you can actually do in FDM as well. FDM doesn't provide a GUI for all configurations, but basically you can do it by using "API Explorer".
For example, FDM doesn't provide a way to define the "set interface" command in a route-map object, but you can do it by editing the "route-map" object with the following code from "API Explorer". How do you know the "id", "type", "version" and "name" of an interface? Check the Interface object from "API Explorer" and you will get the answer.
09-08-2022 10:43 AM
How do we attach this route-map to an interface?
Thanks
09-08-2022 11:04 PM
I believe it is only possible via FlexConfig using the command
policy-route route-map YOUR-ROUTEMAP-NAME
BR
Rick
09-09-2022 07:38 AM - edited 09-09-2022 07:50 AM
Thanks for the reply.
To attach it to the inside interface, I think it will be:
interface Ethxx
policy-route route-map YOUR-ROUTEMAP-NAME
But I am afraid to test it in a live environment.