Policy-route cannot be applied to the interface on FTD v7.0.4

merloxuanyuan23
Level 1

Hi there,

We are trying to implement PBR on FTD v7.0.4 managed by FDM. The route-map object has been created by Smart CLI and could be verified in 'running.conf'. While applying the route-map object, although the task was completed, I couldn't find any policy-route related configuration under the interface in CLI, and there was no error for the command deployment.

I'm new to FTD, how to proceed.

7 Replies

@merloxuanyuan23 where were you looking to check the configuration? It won't show in the GUI configuration, run "show run interface Eth1/6" from the CLI of the firewall.

 

merloxuanyuan23
Level 1

@Rob Ingram Hi Rob, thanks for the reply. The policy-route didn't show under the interface in CLI. 

@merloxuanyuan23 what is the configuration of this interface, switchport or routed?

routed interface with ip address and zone, I will post configuration file later.

Hi Rob, sorry, I was busy preparing for the CISSP exam and passed today.

Here is what I got from show run related to route-map. The policy-route didn't appear under Ethernet1/6

!
interface Ethernet1/6
 nameif guest
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address 172.16.9.1 255.255.255.0
!
access-list Guest-ACL standard permit 172.16.9.0 255.255.255.0 
access-list DefaultGateway-164-ACL standard permit host a.b.c.164
!
route-map PBR-RouteMap-Guest permit 10
 match ip address Guest-ACL
 set ip next-hop DefaultGateway-164-ACL
 match interface guest
!

 

@merloxuanyuan23 it works when I configure it using flexconfig on FDM 7.2

interface Ethernet1/2
no switchport
nameif lab
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.250.1 255.255.255.0
policy-route route-map PBR

thanks Rob, I will try by Monday when onsite.
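
A post-deployment check for the symptom in this thread (deployment reports success but `policy-route` is absent under the interface), as an added example that is not from any poster or from Cisco: it parses saved `show running-config` text and reports interfaces missing the expected binding and route-maps that are referenced but not defined. The sample config is constructed from the excerpts above, and the parser assumes interface sub-commands are indented as in real CLI output; `parse` and `check_pbr` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the two "show run" excerpts in the thread.
SAMPLE = """\
interface Ethernet1/6
 nameif guest
 security-level 0
 ip address 172.16.9.1 255.255.255.0
!
interface Ethernet1/2
 nameif lab
 ip address 192.168.250.1 255.255.255.0
 policy-route route-map PBR
!
route-map PBR-RouteMap-Guest permit 10
 match ip address Guest-ACL
!
"""

def parse(config):
    """Return ({interface: bound route-map or None}, {defined route-map names})."""
    bindings, route_maps, current = {}, set(), None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            bindings[current] = None
        elif m := re.match(r"route-map (\S+) (?:permit|deny)\b", line):
            route_maps.add(m.group(1))
            current = None
        elif not line.startswith(" "):
            current = None  # "!" or any other top-level line ends the block
        elif current and (m := re.match(r"\s+policy-route route-map (\S+)", line)):
            bindings[current] = m.group(1)
    return bindings, route_maps

def check_pbr(config, expected):
    """expected maps interface -> route-map. Return a list of problems found."""
    bindings, route_maps = parse(config)
    problems = []
    for intf, rmap in expected.items():
        if intf not in bindings:
            problems.append(f"{intf}: interface not in config")
        elif bindings[intf] != rmap:
            problems.append(f"{intf}: expected policy-route {rmap}, found {bindings[intf]}")
        if rmap not in route_maps:
            problems.append(f"{rmap}: route-map not defined")
    return problems

if __name__ == "__main__":
    for p in check_pbr(SAMPLE, {"Ethernet1/6": "PBR-RouteMap-Guest", "Ethernet1/2": "PBR"}):
        print(p)
```

Running it against a config saved after each deployment turns a silent no-op like the one reported here into an explicit finding.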
