01-02-2020 01:36 PM - edited 02-21-2020 09:48 AM
How can I implement an ACL for the managed device IP of ASA 5525s with Firepower? I have deployed a pair of "ASA 5525 with Firepower" in Active/Standby mode. These devices are managed via FMC. The FMC uses these managed device IPs to connect to FTD and we are able to SSH to the same IP. I need to secure management 0/0, so only certain IPs can access it.
Thanks in Advance!
01-02-2020 01:42 PM
Hi,
You can configure the FTD to restrict access to ssh/http via Platform Settings configuration in the FMC; just create a new policy if you don't already have one and assign it to the FTD(s). Reference guide here.
HTH
01-02-2020 07:10 PM
Note that when we use the "Platform Settings" there are separate policies / settings for FTD devices and Firepower service modules. That's because each has different capabilities in this regard.
For a Firepower service module, the appropriate place to control access is under "Access List" within the platform settings.
For an FTD device, it is done under "Secure Shell".