Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
926
Views
0
Helpful
7
Replies

Policy-route cannot be applied to the interface on FTD v7.0.4

merloxuanyuan23
Level 1
Level 1

‎10-25-2022 07:26 AM - edited ‎10-25-2022 07:39 AM

Hi there,

We are trying to implement PBR on FTD v7.0.4 managing by FDM. The route-map object has been created by Smart CLI and could be verified in 'running.conf'. While applying the route-map object, although the task was completed, I couldn't find the any policy-route related configuration under the interface in CLI, and there was no error for the command deployment.

merloxuanyuan23_0-1666707824761.png

I'm new to FTD, how to proceed.

0 Helpful
7 Replies 7

Rob Ingram
VIP
VIP

‎10-25-2022 07:31 AM

@merloxuanyuan23 where were you looking to check the configuration? It won't show in the GUI configuration, run "show run interface Eth1/6" from the CLI of the firewall.

 

0 Helpful

merloxuanyuan23
Level 1
Level 1

‎10-25-2022 07:35 AM - edited ‎10-25-2022 07:38 AM

@Rob Ingram Hi Rob, thanks for the reply. The policy-route didn't show under the interface in CLI. 

0 Helpful

Rob Ingram
VIP
VIP
In response to merloxuanyuan23

‎10-25-2022 07:41 AM

@merloxuanyuan23 what is the configuration of this interface, switchport or routed?

0 Helpful

merloxuanyuan23
Level 1
Level 1
In response to Rob Ingram

‎10-25-2022 07:51 AM

routed interface with ip address and zone, I will post configuration file later.

0 Helpful

merloxuanyuan23
Level 1
Level 1
In response to Rob Ingram

‎10-28-2022 02:21 PM

Hi Rob, Sorry I was busy preparing CISSP exam and passed today.

Here is what I got from show run related to route-map. The policy-route didn't appear under Ethernet1/6

!
interface Ethernet1/6
 nameif guest
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 172.16.9.1 255.255.255.0
!
access-list Guest-ACL standard permit 172.16.9.0 255.255.255.0 
access-list DefaultGateway-164-ACL standard permit host a.b.c.164
!
route-map PBR-RouteMap-Guest permit 10
 match ip address Guest-ACL
 set ip next-hop DefaultGateway-164-ACL
 match interface guest
!

 

0 Helpful

Rob Ingram
VIP
VIP
In response to merloxuanyuan23

‎10-28-2022 02:46 PM

@merloxuanyuan23 it works when I configure it using flexconfig on FDM 7.2

interface Ethernet1/2
 no switchport
 nameif lab
 cts manual
 propagate sgt preserve-untag
 policy static sgt disabled trusted
 security-level 0
 ip address 192.168.250.1 255.255.255.0
 policy-route route-map PBR

Capture.PNG 

0 Helpful

merloxuanyuan23
Level 1
Level 1
In response to Rob Ingram

‎10-30-2022 02:02 AM

thanks Rob, I will try by Monday when onsite.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card