Cisco Firepower 2100 Series Getting Started Manual page 35

Firepower Threat Defense Deployment with FMC
When registering the sensor to a Firepower Management Center, a unique
alphanumeric registration key is always required.
a sensor to a Firepower Management Center, you must provide the hostname or
the IP address along with the registration key.
'configure manager add [hostname | ip address ] [registration key ]'
However, if the sensor and the Firepower Management Center are separated by a
NAT device, you must enter a unique NAT ID, along with the unique registration
key.
'configure manager add DONTRESOLVE [registration key ] [ NAT ID ]'
Later, using the web interface on the Firepower Management Center, you must
use the same registration key and, if necessary, the same NAT ID when you add
this sensor to the Firepower Management Center.
>
Step 4 Register the Firepower Threat Defense device to the managing FMC.
configure manager add {hostname | IPv4_address | IPv6_address | DONTRESOLVE} reg_key [nat_id]
• {hostname | IPv4_address | IPv6_address | DONTRESOLVE} specifies either the fully qualified host
name or IP address of theFMC. If the FMC is not directly addressable, use DONTRESOLVE.
• reg_key is the unique alphanumeric registration key required to register the device to the FMC.
Note
• nat_id is an optional alphanumeric string used during the registration process between the FMC and the
device when one side does not specify an IP address. It is required if the hostname is set to
DONTRESOLVE. Enter the same NAT ID on the FMC.
Note
Example:
> configure manager add MC.example.com 123456
Manager successfully configured.
If the Firepower Threat Defense device and the FMC are separated by a NAT device, enter a unique NAT ID
along with the registration key, and specify DONTRESOLVE instead of the hostname, for example:
Example:
> configure manager add DONTRESOLVE my_reg_key my_nat_id
Manager successfully configured.
The FMC and the device use the registration key and NAT ID (instead of IP addresses) to authenticate and
authorize for initial registration. The NAT ID must be unique among all NAT IDs used to register managed
appliances to establish trust for the initial communication and to look up the correct registration key.
The registration key is a user-generated one-time use key that must not exceed 37 characters.
Valid characters include alphanumerical characters (A–Z, a–z, 0–9) and the hyphen (-). You
will need to remember this registration key when you add the device to the FMC.
The NAT ID is a user-generated one-time use key that must not exceed 37 characters. Valid
characters include alphanumerical characters (A–Z, a–z, 0–9) and the hyphen (-). You will
need to remember this ID when you add the device to the FMC.
Complete the Initial Configuration
In most cases, to register
Cisco Firepower 2100 Getting Started Guide
33