10-25-2022 07:26 AM - edited 10-25-2022 07:39 AM
Hi there,
We are trying to implement PBR on FTD v7.0.4 managing by FDM. The route-map object has been created by Smart CLI and could be verified in 'running.conf'. While applying the route-map object, although the task was completed, I couldn't find the any policy-route related configuration under the interface in CLI, and there was no error for the command deployment.
I'm new to FTD, how to proceed.
10-25-2022 07:31 AM
@merloxuanyuan23 where were you looking to check the configuration? It won't show in the GUI configuration, run "show run interface Eth1/6" from the CLI of the firewall.
10-25-2022 07:35 AM - edited 10-25-2022 07:38 AM
@Rob Ingram Hi Rob, thanks for the reply. The policy-route didn't show under the interface in CLI.
10-25-2022 07:41 AM
@merloxuanyuan23 what is the configuration of this interface, switchport or routed?
10-25-2022 07:51 AM
routed interface with ip address and zone, I will post configuration file later.
10-28-2022 02:21 PM
Hi Rob, Sorry I was busy preparing CISSP exam and passed today.
Here is what I got from show run related to route-map. The policy-route didn't appear under Ethernet1/6
!
interface Ethernet1/6
nameif guest
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.16.9.1 255.255.255.0
!
access-list Guest-ACL standard permit 172.16.9.0 255.255.255.0
access-list DefaultGateway-164-ACL standard permit host a.b.c.164
!
route-map PBR-RouteMap-Guest permit 10
match ip address Guest-ACL
set ip next-hop DefaultGateway-164-ACL
match interface guest
!
10-28-2022 02:46 PM
@merloxuanyuan23 it works when I configure it using flexconfig on FDM 7.2
interface Ethernet1/2
no switchport
nameif lab
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.250.1 255.255.255.0
policy-route route-map PBR
10-30-2022 02:02 AM
thanks Rob, I will try by Monday when onsite.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: