
Policy-route cannot be applied to the interface on FTD v7.0.4

merloxuanyuan23
Level 1

Hi there,

We are trying to implement PBR on FTD v7.0.4 managed by FDM. The route-map object has been created by Smart CLI and could be verified in 'running.conf'. While applying the route-map object, although the task was completed, I couldn't find any policy-route related configuration under the interface in the CLI, and there was no error for the command deployment.


I'm new to FTD. How should I proceed?

7 Replies

@merloxuanyuan23 where were you looking to check the configuration? It won't show in the GUI configuration, run "show run interface Eth1/6" from the CLI of the firewall.

 

merloxuanyuan23
Level 1

@Rob Ingram Hi Rob, thanks for the reply. The policy-route didn't show under the interface in CLI. 

@merloxuanyuan23 what is the configuration of this interface, switchport or routed?

Routed interface with IP address and zone. I will post the configuration file later.

Hi Rob, sorry, I was busy preparing for the CISSP exam and passed today.

Here is what I got from show run related to route-map. The policy-route didn't appear under Ethernet1/6.

!
interface Ethernet1/6
 nameif guest
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 172.16.9.1 255.255.255.0
!
access-list Guest-ACL standard permit 172.16.9.0 255.255.255.0 
access-list DefaultGateway-164-ACL standard permit host a.b.c.164
!
route-map PBR-RouteMap-Guest permit 10
 match ip address Guest-ACL
 set ip next-hop DefaultGateway-164-ACL
 match interface guest
!

 

@merloxuanyuan23 it works when I configure it using flexconfig on FDM 7.2

interface Ethernet1/2
 no switchport
 nameif lab
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 192.168.250.1 255.255.255.0
 policy-route route-map PBR

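An added example, not part of the original thread: a Python check that reads saved "show running-config" text and reports route-maps that are defined but never bound to an interface with "policy-route route-map", which is the silent-deployment symptom described above. The function names are hypothetical; the two sample configs are trimmed from the posts above, and the "route-map PBR permit 10" line is constructed because the reply does not show it.

```python
import re

# Trimmed from the thread's 7.0.4 output: route-map exists, interface has no binding.
BROKEN = """\
interface Ethernet1/6
 nameif guest
 ip address 172.16.9.1 255.255.255.0
!
route-map PBR-RouteMap-Guest permit 10
 match ip address Guest-ACL
"""

# Trimmed from the 7.2 reply; the route-map definition line is constructed.
WORKING = """\
interface Ethernet1/2
 nameif lab
 ip address 192.168.250.1 255.255.255.0
 policy-route route-map PBR
!
route-map PBR permit 10
"""

def parse_pbr(config):
    """Return (set of defined route-maps, {interface: bound route-map or None})."""
    route_maps, bindings, current = set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):       # any top-level line closes the block
            current = None
            if m := re.match(r"interface (\S+)", line):
                current = m.group(1)
                bindings.setdefault(current, None)
            elif m := re.match(r"route-map (\S+) (?:permit|deny) \d+", line):
                route_maps.add(m.group(1))
        elif current and (m := re.match(r"\s+policy-route route-map (\S+)", line)):
            bindings[current] = m.group(1)
    return route_maps, bindings

def audit_pbr(config):
    """Compare route-map definitions against interface policy-route bindings."""
    route_maps, bindings = parse_pbr(config)
    bound = {rm for rm in bindings.values() if rm}
    return {
        "bindings": bindings,
        "unbound_route_maps": sorted(route_maps - bound),   # defined, never applied
        "dangling_bindings": sorted(bound - route_maps),    # applied, never defined
    }

if __name__ == "__main__":
    for name, cfg in (("7.0.4 output", BROKEN), ("7.2 output", WORKING)):
        print(name, audit_pbr(cfg))
```

A route-map listed as unbound may still be referenced elsewhere in the configuration (for example by route redistribution), so treat the result as a prompt to check the interface rather than as proof of a failed deployment.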

Thanks Rob, I will try by Monday when onsite.
