Cisco Firepower 2100 Getting Started Manual page 154

Configure the Device in CDO
Edit or create a new Security Zone as appropriate. Each interface must belong to a zone, because you configure
policies based on security zones, not interfaces. You cannot put the interfaces in zones when configuring
them, so you must always edit the zone objects after creating new interfaces or changing the purpose of existing
interfaces.
The following example shows how to create a new dmz-zone for the dmz interface.
Figure 45: Security Zone Object
Step 6
If you want internal clients to use DHCP to obtain an IP address from the device, choose Management >
Settings > DHCP Server, then review the DHCP Servers section.
There is already a DHCP server configured for the inside interface, but you can edit the address pool or even
delete it. If you configured other inside interfaces, it is very typical to set up a DHCP server on those interfaces.
Click + to configure the server and address pool for each inside interface.
You can also review the DNS settings supplied to clients on the DNS Server tab. The following example
shows how to set up a DHCP server on the inside2 interface with the address pool
192.168.45.46-192.168.45.254.
Figure 46: DHCP Server
Step 7 Choose Management > Routing, then click the Add icon to configure a default route.
Cisco Firepower 2100 Getting Started Guide
152
Firepower Threat Defense Deployment with CDO