Cisco Firepower 2100 Getting Started Manual page 66

How Remote Management Works
Each FTD controls, inspects, monitors, and analyzes traffic, and then reports to a managing FMC. The FMC
provides a centralized management console with a web interface that you can use to perform administrative,
management, analysis, and reporting tasks in service to securing your local network.
For networks that include only a single device or just a few, where you do not need to use a high-powered
multiple-device manager like the FMC, you can use the integrated Firepower Device Manager (FDM). Use
the FDM web-based device setup wizard to configure the basic features of the software that are most commonly
used for small network deployments.
About the Firepower 2100
The Cisco Firepower 2100 hardware can run either FTD software or ASA software. Switching between FTD
and ASA requires you to reimage the device. See
Device.
The Firepower 2100 runs an underlying operating system called the Firepower eXtensible Operating System
(FXOS). The Firepower 2100 does not support the FXOS Firepower Chassis Manager; only a limited CLI is
supported for troubleshooting purposes. See the
Privacy Collection Statement—The Firepower 2100 does not require or actively collect personally-identifiable
information. However, you can use personally-identifiable information in the configuration, for example for
usernames. In this case, an administrator might be able to see this information when working with the
configuration or when using SNMP.
•
•
•
•
•
•
•
How Remote Management Works
To allow the FMC to manage the FTD over the internet, you use the outside interface for FMC management
instead of the Management interface. Because most remote branch offices only have a single internet connection,
outside FMC access makes centralized management possible.
Note
You can use any data interface for FMC access, for example, the inside interface if you have an inside FMC.
However, this guide primarily covers outside interface access, because it is the most likely scenario for remote
branch offices.
The Management interface is a special interface configured separately from FTD data interfaces, and it has
its own network settings. The Management interface network settings are still used even though you are
enabling FMC access on a data interface. All management traffic continues to be sourced from or destined to
the Management interface. When you enable FMC access on a data interface, the FTD forwards incoming
management traffic over the backplane to the Management interface. For outgoing management traffic, the
Management interface forwards the traffic over the backplane to the data interface.
FMC access from a data interface has the following limitations:
Cisco Firepower 2100 Getting Started Guide
64
How Remote Management Works, on page 64
Before You Start, on page 66
End-to-End Procedure, on page 66
Central Administrator Pre-Configuration, on page 68
Central Administrator Pre-Configuration Using the CLI, on page 74
Branch Office Installation, on page 79
Central Administrator Post-Configuration, on page 81
Firepower Threat Defense Deployment with a Remote FMC
Reimage the Cisco ASA or Firepower Threat Defense
FXOS troubleshooting guide for more information.