Unable to SSH into Remote FTD Appliance

Scott_22
Level 1

Recently, we installed a new FTD external to our main location at a remote site. We were successfully able to add the appliance into the FMC, but we cannot SSH to the console. I have ensured that our public IP is whitelisted in the platform settings. Is there somewhere else I need to look?

4 Replies

Marvin Rhoads
Hall of Fame

SSH into the remote FTD device should be via the management interface, not the public data interface.

For it to work, you would need a NAT rule and Access Control Policy. It could also be handled in the context of a site-site VPN.

In either case, the management routing table would also have to take into account the necessary routing/gateway.

Exactly what I needed! But what is the SSH configuration for within platform settings? 

Marvin Rhoads
Hall of Fame

As noted in the online help for the Secure Shell settings page:

If you want to allow SSH connections to one or more data interfaces on the FTD device, configure Secure Shell settings. SSH is not supported to the Diagnostic logical interface. The physical management interface is shared between the Diagnostic logical interface and the Management logical interface. SSH is enabled by default on the Management logical interface; however, this screen does not affect Management SSH access.

...

For the Management interface, to configure an SSH access list, see the configure ssh-access-list command in the Firepower Threat Defense Command Reference. To configure a static route, see the configure network static-routes command. By default, you configure the default route through the Management interface at initial setup.

To use SSH, you do not also need an access rule allowing the host IP address. You only need to configure SSH access according to this section.

You can only SSH to a reachable interface; if your SSH host is located on the outside interface, you can only initiate a management connection directly to the outside interface.
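As an added illustration of the two replies above (not part of the original thread, and not Cisco's documentation), here is the order in which a practitioner would check the Management-interface path from the FTD CLI. The command names are the ones the online help quoted above refers to (configure ssh-access-list, configure network static-routes); the addresses, the management interface name br1, and the displayed output are constructed for this example and must be checked against your own show network output and the FTD Command Reference for your release. Lines beginning with # are commentary, not CLI input.

```text
# 1. Confirm what the Management interface actually has: IP, mask and gateway.
#    (Output is constructed; your fields and interface name may differ.)
> show network
===============[ System Information ]===============
Hostname                 : ftd-remote
===============[ br1 ]===============
State                    : Enabled
IPv4 Address             : 192.0.2.10
Netmask                  : 255.255.255.0
Gateway                  : 192.0.2.1

# 2. Check which source networks are allowed to SSH to Management.
#    This list is independent of the Platform Settings > Secure Shell page,
#    which only governs SSH to DATA interfaces.
> show ssh-access-list
203.0.113.0/24

# 3. Allow the admin network (assumed: 203.0.113.0/24) if it is missing.
#    Entries are comma-separated CIDR networks; the command replaces the whole list,
#    so include every network that still needs access.
> configure ssh-access-list 203.0.113.0/24,198.51.100.5/32

# 4. Routing: Management already has the default route set at initial setup (step 1),
#    so a static route is only needed if return traffic to the admin network must go
#    via a DIFFERENT next hop than that default gateway. Syntax:
#    configure network static-routes ipv4 add <interface> <destination> <netmask> <gateway>
> configure network static-routes ipv4 add br1 203.0.113.0 255.255.255.0 192.0.2.254

# 5. Verify the route was taken.
> show network-static-routes
```

Two things this checklist does not cover, because they live in FMC rather than on the box: if the management subnet is only reachable through the head-end firewall, that device needs the NAT rule and Access Control Policy entry (or the site-to-site VPN) from the first reply; and if the SSH host sits behind a data interface, the quoted help says you can only connect to the interface that host can reach, so the platform-settings allow-list is the relevant control there, not the Management access list.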
