SSH to FMC to view route table

sossie
Level 1

Hi all 

New to FMC (but experienced with ASA and other firewalls), so I may not have my terminology correct, so please correct me if required...

We have FMC for VMware 7.0.4 configured with sub domain virtual firewalls.

I want to see the route table on each sub domain virtual firewall. From my research I believe it can't be viewed from the GUI, and I have to SSH to see it.

I have managed to be able to SSH to the FMC, but I don't seem to be in the correct shell. My prompt is a ">" character, and I only have options like "Configure, expert, history, show, system". 

Can anyone explain how the SSH shell works on FMC for this version?

Thanks,


Do you want to see the route table on FMC? If so, I have put the commands for you.

 

> expert
admin@fmc:~$ sudo su -
Password:
admin@fmc:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         172.30.125.1    0.0.0.0         UG    0      0        0 eth0
172.30.125.0    *               255.255.255.0   U     0      0        0 eth0

 

 

Or do you want to SSH to your virtual FTD and see the route?

Each virtual firewall within the FMC operates as an independent device, so you will need to SSH into each one separately to access their individual configurations and route tables.

If that is the case, you need to SSH to the virtual FW mgmt IP address. You can find this address from FMC-->Devices.

Here you will find the virtual FTD mgmt IP addresses; you can SSH to them. Here is the link: https://www.ipmechanic.net/2021/04/understanding-2-engines-of-cisco-ftd.html

Please do not forget to rate.

Thanks Sheraz,

I want to see the route table on each virtual FW. I have the mgmt IP of each, and can open an SSH session, but I'm unable to authenticate. My userID is configured at the Global level; how do I permit the global level user to authenticate via SSH to a virtual firewall?

sossie, for FMC authentication do you use AD authentication or local authentication? As long as you have full access to the FMC GUI, you should be able to log in to the FTD via SSH. If you are not able to log in to the FTD via SSH, in that case reach out to the person who set it up. Most probably it will be using local authentication (as I am not sure how your setup is working).

 

If no joy, what you can do is: from FMC--->Devices--->Device Management (this will show you all the FTDs you have; now where you see the FTD mgmt IP address, on the left side you will see a pencil mark and three dots)  --->


Click three dots--->Troubleshoot----> (a new window will open called Health Monitor)-->Advanced Troubleshooting--->Threat Defense CLI.

(OR)

From System--->Health-->Monitor--->Select your FTD--->Advanced Troubleshooting-->Threat Defense CLI


Please do not forget to rate.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200701-Configuration-of-Management-access-to-FT.html

Configure SSH for the FPR from FMC, then use the FPR management IP to access via SSH.
