Table of Contents
Advertisement
Central Administrator Pre-Configuration Using the CLI
• The Management interface cannot use DHCP if you want to use a data interface for management. If you
did not set the IP address manually during initial setup, you can set it now using the configure network
{ipv4 | ipv6} manual command. If you did not already set the Management interface gateway to
data-interfaces, this command will set it now.
• When you add the FTD to the FMC, the FMC discovers and maintains the interface configuration,
including the following settings: interface name and IP address, static route to the gateway, DNS servers,
and DDNS server. For more information about the DNS server configuration, see below. In FMC, you
can later make changes to the FMC access interface configuration, but make sure you don't make changes
that can prevent the FTD or FMC from re-establishing the management connection. If the management
connection is disrupted, the FTD includes the configure policy rollback command to restore the previous
deployment.
• If you configure a DDNS server update URL, the FTD automatically adds certificates for all of the major
CAs from the Cisco Trusted Root CA bundle so that the FTD can validate the DDNS server certificate
for the HTTPS connection. The FTD supports any DDNS server that uses the DynDNS Remote API
specification
• This command sets the data interface DNS server. The Management DNS server that you set with the
setup script (or using the configure network dns servers command) is used for management traffic.
The data DNS server is used for DDNS (if configured) or for security policies applied to this interface.
On the FMC, the data interface DNS servers are configured in the Platform Settings policy that you
assign to this FTD. When you add the FTD to the FMC, the local setting is maintained, and the DNS
servers are not added to a Platform Settings policy. However, if you later assign a Platform Settings
policy to the FTD that includes a DNS configuration, then that configuration will overwrite the local
setting. We suggest that you actively configure the DNS Platform Settings to match this setting to bring
the FMC and the FTD into sync.
Also, local DNS servers are only retained by FMC if the DNS servers were discovered at initial registration.
For example, if you registered the device using the Management interface, but then later configure a data
interface using the configure network management-data-interface command, then you must manually
configure all of these settings in FMC, including the DNS servers, to match the FTD configuration.
• You can change the management interface after you register the FTD to the FMC, to either the
Management interface or another data interface.
• The FQDN that you set in the setup wizard will be used for this interface.
• You can clear the entire device configuration as part of the command; you might use this option in a
recovery scenario, but we do not suggest you use it for initial setup or normal operation.
• To disable data managemement, enter the configure network management-data-interface disable
command.
Example:
> configure network management-data-interface
Data interface to use for management: ethernet1/1
Specify a name for the interface [outside]:
IP address (manual / dhcp) [dhcp]:
DDNS server update URL [none]:
https://deanwinchester:pa$$w0rd17@domains.example.com/nic/update?hostname=<h>&myip=<a>
Do you wish to clear all the device configuration before applying ? (y/n) [n]:
Configuration done with option to allow FMC access from any network, if you wish to change
the FMC access network
Cisco Firepower 1100 Getting Started Guide
124
(https://help.dyn.com/remote-access-api/).
Firepower Threat Defense Deployment with a Remote FMC
Hide quick links:
Advertisement
Table of Contents
