The only way I’ve found to deal with this case is to use posture lease plus posture reassessment. https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010111.html
We also could translate both source and destination addresses to solve the connectivity problem between FMC and sensor. This translation should be made on FMC and Sensor sites.
They will connect to each other using IP addresses as if they are not sepa...
At the moment, we need to have some cheap equipment at the branch site which can provide us connectivity to the branch FTD management interface. That can be any VPN-capable device.
We also need to make some cabling instructions for local staff.
So when we lo...
We actually managed to get this to work in the following way.
We are not changing the mgt address of the remote host. We actually created a security zone called branch_mgt, assigned an interface to it and gave an IP address to that interface (let's call it IP address A)...
Hello Tony,
Did you manage to solve the problem?
I'm working on the same project right now and have the following idea:
1) register FTD with FMC locally. FQDN is used to register device.
2) pre-configure the FTD including:
- MGT interface has Inside ...