Virtual FMC internet Connectivity

Support Cat · ‎03-19-2020

We have an FMC console we use to support our firepower devices.

I require some assistance with configuration of the VM itself.

Currently we have a separate vlan for the management traffic and the interface on the vm but this has now been put into our live infrastructure. Previously it sat on a physical device.

We need to add an additional NIC to the VM to allow it to pass internet traffic so that the FMC can connect to Cisco smart licensing server and confirm the entitlement.

We are not able to make the firewalls themselves internet facing. The workaround we had on the physical device was to connect it to the internet and then to put it back onto its network with the license confirmed and then we can deploy changes etc. and obviously this isn't possible in our virtual environment.

Any Cisco document would really help to us move forward

Thanks

balaji.bandi · ‎03-19-2020

As Long as FMC can able to contact htps://smart-satellite.cisco.com:443 - it will license.

Other quick dirty solution i can think of for you to easy, rather complicating things, make some proxy server which can comunicate to internet, and use that proxy server in FMC.

make sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marius Gunnerud · ‎03-19-2020

If you do not want to open for internet access for only the FMC, then you will need to use a smart software satellite server. All devices that use smart licensing require periodic connection the Cisco to update license status and for your setup the satellite server is the best option

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/licensing_firepower_system.html

--
Please remember to select a correct answer and rate helpful posts