05-30-2023 02:58 PM
Hi all
New to FMC (but experienced with ASA and other firewalls), so I may not have my terminology correct, so please correct me if required...
We have FMC for VMware 7.0.4 configured with sub domain virtual firewalls.
I want to see the route table on each sub domain virtual firewall. From my research I believe it can't be viewed from the GUI, and I have to SSH to see it.
I have managed to be able to SSH to the FMC, but I don't seem to be in the correct shell. My prompt is a ">" character, and I only have options like "Configure, expert, history, show, system".
Can anyone explain how the SSH shell works on FMC for this version?
Thanks,
05-30-2023 03:36 PM - edited 05-30-2023 03:48 PM
Do you want to see the route table on FMC? If so, I have put the commands for you:
> expert
admin@fmc:~$ sudo su -
Password:
admin@fmc:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.30.125.1    0.0.0.0         UG    0      0        0 eth0
172.30.125.0    *               255.255.255.0   U     0      0        0 eth0
Or do you want to SSH to your virtual FTD and see the route?
Each virtual firewall within the FMC operates as an independent device, so you will need to SSH into each one separately to access their individual configurations and route tables.
If that is the case, you need to SSH to the virtual FW mgmt IP address. You can find this address from FMC-->Devices.
Here you will find the virtual FTD mgmt IP addresses; you can SSH to them. Here is the link: https://www.ipmechanic.net/2021/04/understanding-2-engines-of-cisco-ftd.html
05-30-2023 05:08 PM
Thanks Sheraz,
I want to see the route table on each virtual FW. I have the mgmt IP of each, and can open an SSH session, but I'm unable to authenticate. My userID is configured at the Global level; how do I permit the global level user to authenticate via SSH to a virtual firewall?
05-31-2023 01:09 PM
sossie, for FMC authentication do you use AD authentication or local authentication? As long as you have full access to the FMC GUI, you should be able to log in to the FTD via SSH. If you are not able to log in to the FTD via SSH, reach out to the person who set it up. Most probably it will be using local authentication (as I am not sure how your setup works).
If no joy, what you can do is: from FMC--->Devices--->Device Management (this will show you all the FTDs you have; where you see the FTD mgmt IP address, on the left side you will see a pencil mark and three dots)--->
click the three dots--->Troubleshoot--->(a new window will open called Health Monitor)--->Advanced Troubleshooting--->Threat Defense CLI.
(OR)
From System--->Health--->Monitor--->Select your FTD--->Advanced Troubleshooting--->Threat Defense CLI
05-31-2023 01:53 PM
Configure SSH for the FPR from FMC, then use the FPR management IP to access it via SSH.