Cisco Firepower 2100 Getting Started Manual page 74

Central Administrator Pre-Configuration Using FDM
At least one of the devices, either the FMC or the FTD, must have a reachable IP address to establish the
two-way, SSL-encrypted communication channel between the two devices.
b) If you chose Yes, then enter the FMC Hostname/IP Address.
c) Specify an FMC Registration Key.
This key is a one-time registration key of your choice that you will also specify on the FMC when you
register the FTD. The registration key must not exceed 37 characters. Valid characters include
alphanumerical characters (A–Z, a–z, 0–9) and the hyphen (-). This ID can be used for multiple devices
registering to the FMC.
d) Specify a NAT ID.
This ID is a unique, one-time string of your choice that you will also specify on the FMC. This field is
required if you only specify the IP address on one of the devices; but we recommend that you specify the
NAT ID even if you know the IP addresses of both devices. The NAT ID must not exceed 37 characters.
Valid characters include alphanumerical characters (A–Z, a–z, 0–9) and the hyphen (-). This ID cannot
be used for any other devices registering to the FMC. The NAT ID is used in combination with the IP
address to verify that the connection is coming from the correct device; only after authentication of the
IP address/NAT ID will the registration key be checked.
Step 9
Configure the Connectivity Configuration.
a) Specify the FTD Hostname.
This FQDN will be used for the outside interface, or whichever interface you choose for the FMC Access
Interface.
b) Specify the DNS Server Group.
Choose an existing group, or create a new one. The default DNS group is called
CiscoUmbrellaDNSServerGroup, which includes the OpenDNS servers.
This setting sets the data interface DNS server. The Management DNS server that you set with the setup
wizard is used for management traffic. The data DNS server is used for DDNS (if configured) or for
security policies applied to this interface. You are likley to choose the same DNS server group that you
used for Management, because both management and data traffic reach the DNS server through the outside
interface.
On the FMC, the data interface DNS servers are configured in the Platform Settings policy that you assign
to this FTD. When you add the FTD to the FMC, the local setting is maintained, and the DNS servers are
not added to a Platform Settings policy. However, if you later assign a Platform Settings policy to the
FTD that includes a DNS configuration, then that configuration will overwrite the local setting. We suggest
that you actively configure the DNS Platform Settings to match this setting to bring the FMC and the FTD
into sync.
Also, local DNS servers are only retained by FMC if the DNS servers were discovered at initial registration.
c) For the FMC Access Interface, choose outside.
You can choose any configured interface, but this guide assumes you are using outside.
Step 10 If you chose a different data interface from outside, then add a default route.
You will see a message telling you to check that you have a default route through the interface. If you chose
outside, you already configured this route as part of the setup wizard. If you chose a different interface, then
you need to manually configure a default route before you connect to the FMC. See
in Firepower Device Manager, on page 22
Cisco Firepower 2100 Getting Started Guide
72
Firepower Threat Defense Deployment with a Remote FMC
for more information about configuring static routes in FDM.
Configure the Firewall