Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
296
Views
5
Helpful
6
Replies

Static Routes on FTD 2130 using CLI

Knassi
Level 1
Level 1

‎04-19-2024 12:18 PM

Has anyone Created statoc route on the FTD sensor via the CLI?

Mine looks like it goes throught bu when i FDM into it, i do not see them.

 

Any Advice will be appreciated.

Thanks.

0 Helpful
6 Replies 6

Rob Ingram
VIP
VIP

‎04-19-2024 12:24 PM

@Knassi you cannot configure static routes for FTD via the CLI, all management is via the GUI.

Is the next hop valid and the egress interface up?

0 Helpful

Knassi
Level 1
Level 1
In response to Rob Ingram

‎04-19-2024 12:44 PM

@Rob Ingram 

This is what i used: 

Step 1: Login to the Command Line Interface (CLI) of the appliance.

Step 2: Access the network-device directory as root user.

--> sudo su – (become root)

--> cd /etc/sysconfig/network-devices

Step 3: Execute the following command to create the necessary configuration file:

touch ifcfg-static-routes ( in case ifcfg-static-routes is missing inside network-devices directory)

Step 4: Execute the following command to add a static route:

echo '<device> <type> <network> <subnet_prefix> <gateway>'

>> /etc/sysconfig/network-devices/ifcfg-static-routes

Step 5: Execute the following command to load the new static routes:

/etc/rc.d/init.d/routes restart

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Knassi

‎04-19-2024 02:11 PM - edited ‎04-20-2024 04:27 AM

https://community.cisco.com/t5/security-knowledge-base/add-static-route-on-firepower-module/ta-p/3156256

check alternative way to add static route

configure network static-routes ipv4 add eth0 x.x.x.x x.x.x.x x.x.x.x

MHM

Aref Alsouqi
VIP
VIP
In response to MHM Cisco World

‎04-20-2024 04:44 AM

I think this command would be to add static routes for the management interface, not for the data interfaces.

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-19-2024 11:26 PM

The method you are trying is not supported and should not be used.

The ONLY supported ways are to use the manager (FDM, CDO or FMC) or push via API.

Marius Gunnerud
VIP
VIP

‎04-21-2024 02:10 PM

Adding configuration such as a static route from the CLI should only be done if access to the management interface is not possible due to a misconfiguration.  Then you can add the required configuration to restore connectivity.  But, the problem with this is that it is only local to the FTD and will not propagate to the FDM or FMC.  This means that any configuration you add in CLI will be overwritten upon the next deployment from FDM or FMC.  So to prevent this from happening you would need to add the configuration you added in CLI to the FDM or FMC so it persists through the next deployment.

To add configuration via the CLI do the following:

>expert 

# sudo su - 

root# cd /ngfw/var/sf/bin 

root# LinaConfigTool "route mgmt-interface 10.10.14.0 255.255.255.0 10.10.5.2";

 

As others have stated, this is not for configuring the FTD, but rather to correct  configurations that have caused loss of connectivity to the regular management interface.

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card