04-19-2024 12:18 PM
Has anyone created a static route on the FTD sensor via the CLI?
Mine looks like it goes through, but when I FDM into it, I do not see them.
Any advice will be appreciated.
Thanks.
04-19-2024 12:24 PM
@Knassi you cannot configure static routes for FTD via the CLI, all management is via the GUI.
Is the next hop valid and the egress interface up?
04-19-2024 12:44 PM
This is what I used:
Step 1: Login to the Command Line Interface (CLI) of the appliance.
Step 2: Access the network-device directory as root user.
--> sudo su - (become root)
--> cd /etc/sysconfig/network-devices
Step 3: Execute the following command to create the necessary configuration file:
touch ifcfg-static-routes (in case ifcfg-static-routes is missing inside the network-devices directory)
Step 4: Execute the following command to add a static route:
echo '<device> <type> <network> <subnet_prefix> <gateway>' >> /etc/sysconfig/network-devices/ifcfg-static-routes
Step 5: Execute the following command to load the new static routes:
/etc/rc.d/init.d/routes restart
04-19-2024 02:11 PM - edited 04-20-2024 04:27 AM
Check an alternative way to add a static route:
configure network static-routes ipv4 add eth0 x.x.x.x x.x.x.x x.x.x.x
MHM
04-20-2024 04:44 AM
I think this command would be to add static routes for the management interface, not for the data interfaces.
04-19-2024 11:26 PM
The method you are trying is not supported and should not be used.
The ONLY supported ways are to use the manager (FDM, CDO or FMC) or push via API.
04-21-2024 02:10 PM
Adding configuration such as a static route from the CLI should only be done if access to the management interface is not possible due to a misconfiguration. Then you can add the required configuration to restore connectivity. But, the problem with this is that it is only local to the FTD and will not propagate to the FDM or FMC. This means that any configuration you add in CLI will be overwritten upon the next deployment from FDM or FMC. So to prevent this from happening you would need to add the configuration you added in CLI to the FDM or FMC so it persists through the next deployment.
To add configuration via the CLI do the following:
>expert
# sudo su -
root# cd /ngfw/var/sf/bin
root# LinaConfigTool "route mgmt-interface 10.10.14.0 255.255.255.0 10.10.5.2";
As others have stated, this is not for configuring the FTD, but rather to correct configurations that have caused loss of connectivity to the regular management interface.
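Routes added this way exist only on the device, so comparing the device's route lines against what the manager holds shows which entries the next deployment would remove. The following is an added example, not part of the original post or any Cisco tooling; the sample text and the manager-side list format are constructed assumptions.

```python
import ipaddress

# Constructed sample text using "route <interface> <network> <mask> <gateway> [metric]"
# lines, the same form as the route command shown in the post above.
RUNNING_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.20.0.0 255.255.0.0 10.10.5.1 1
route mgmt-interface 10.10.14.0 255.255.255.0 10.10.5.2
"""

# Constructed sample: routes held by the manager, as (interface, CIDR, gateway).
# This tuple layout is a hypothetical export format chosen for the example.
MANAGER_ROUTES = [
    ("outside", "0.0.0.0/0", "203.0.113.1"),
    ("inside", "10.20.0.0/16", "10.10.5.1"),
]


def parse_route_lines(text):
    """Return a set of (interface, CIDR, gateway) from 'route ...' lines."""
    routes = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "route":
            continue  # not a static route line
        ifname, net, mask, gw = fields[1:5]
        try:
            network = ipaddress.ip_network(f"{net}/{mask}", strict=True)
            gateway = ipaddress.ip_address(gw)
        except ValueError:
            continue  # malformed address or mask; skipped in this example
        routes.add((ifname, str(network), str(gateway)))
    return routes


def normalize_manager_routes(entries):
    """Normalize manager entries so both sides compare as identical strings."""
    return {
        (ifname, str(ipaddress.ip_network(cidr)), str(ipaddress.ip_address(gw)))
        for ifname, cidr, gw in entries
    }


def find_drift(running_text, manager_entries):
    """Routes present on only one side; 'cli_only' is lost at next deployment."""
    device = parse_route_lines(running_text)
    managed = normalize_manager_routes(manager_entries)
    return {"cli_only": sorted(device - managed),
            "manager_only": sorted(managed - device)}
```

Any entry reported under `cli_only` needs to be added in FDM or FMC before the next deployment if it is meant to persist.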
07-06-2024 11:54 AM
Thank you for this very useful "backdoor". Never knew it existed, and it saved me today when 2x FP-4112 lost access to a cloud FMC (Azure).