
FTD-1010 Management Interface has Public IP Address

Hi Everyone,

So I have a scenario where we gave an FTD-1010 appliance Management Interface a Public IP address. Can anyone share experience about the content of the ACL written to protect it from unwanted connections?

Thanks.

Jim Goughenour

Accepted Solutions
Hi,

Are you using FDM to manage the FTD locally or using FMC to manage the FTD centrally?

You can secure SSH access to the management interface using the command configure ssh-access-list and HTTPS using configure https-access-list.

Reference here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html

If using the FMC for management, the configuration is encrypted and secured using TLS over tcp/8305; the SSH access-list should still apply.
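
As an added example (not part of the original reply, and not Cisco's code), the sketch below validates a list of administrator source networks and emits the two commands named above. It assumes the commands take a comma-separated list of CIDR entries as described in the linked command reference; the prefix-length policy, the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Hypothetical policy: the widest source network accepted per IP version.
WIDEST_PREFIX = {4: 24, 6: 48}


def normalise_sources(sources):
    """Validate admin source networks and return them sorted and collapsed."""
    nets = []
    for raw in sources:
        # strict=True rejects entries with host bits set (203.0.113.10/24),
        # which would otherwise quietly admit the whole /24, not one host.
        net = ipaddress.ip_network(raw.strip(), strict=True)
        if net.prefixlen < WIDEST_PREFIX[net.version]:
            # Catches 0.0.0.0/0 and ::/0 as well as merely oversized ranges.
            raise ValueError(f"{net} is too broad for a management allowlist")
        nets.append(net)
    if not nets:
        raise ValueError("empty allowlist")
    # collapse_addresses needs a single IP version per call; it also drops
    # entries already covered by a wider entry in the list.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def build_commands(sources):
    """Return the FTD CLI lines for the SSH and HTTPS management allowlists."""
    # Assumption: comma-separated CIDR list with no spaces.
    address_list = ",".join(str(n) for n in normalise_sources(sources))
    return [
        f"configure ssh-access-list {address_list}",
        f"configure https-access-list {address_list}",
    ]


# Constructed sample input (RFC 5737 documentation ranges, not real hosts).
ADMIN_SOURCES = ["198.51.100.7", "203.0.113.0/28", "203.0.113.8/29"]

if __name__ == "__main__":
    for line in build_commands(ADMIN_SOURCES):
        print(line)
```
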

2 REPLIES

It's not good practice to expose the MGMT interface to the outside world. But is there any other option you can think of to protect it, using a local address with NAT from your router (ISP)?

BB
*** Rate All Helpful Responses ***