cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1171
Views
0
Helpful
2
Replies

FTD-1010 Management Interface has Public IP Address

jgoughenour
Level 1
Level 1

Hi Everyone,

So I have a scenario where we gave an FTD-1010 appliance Management Interface a Public IP address.  Can anyone share experience about the content of the ACL written to protect it from unwanted connections?

Thanks.

Jim Goughenour

 

1 Accepted Solution

Accepted Solutions

Hi,

Are you using FDM to manage the FTD locally or using FMC to manage the FTD centrally?

You can secure SSH access to the management interface using the command configure-ssh-access-list and HTTPS using configure https-access-list

 

Reference here:-

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html

 

If using the FMC for management the configuration is encrypted and secured using TLS over tcp/8305, the SSH access-list should still apply.

View solution in original post

2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

its not good practice to expose MGMT interface to outside world. but is there any other option you can think of to protect to Local address with NAT  from your Router(ISP) ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

Are you using FDM to manage the FTD locally or using FMC to manage the FTD centrally?

You can secure SSH access to the management interface using the command configure-ssh-access-list and HTTPS using configure https-access-list

 

Reference here:-

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html

 

If using the FMC for management the configuration is encrypted and secured using TLS over tcp/8305, the SSH access-list should still apply.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: