Cisco Firepower 2100 Getting Started Manual page 88


Firepower Threat Defense Deployment with a Remote FMC
Configure a Basic Security Policy
This section describes how to configure a basic security policy with the following settings:
• Inside and outside interfaces—Assign a static IP address to the inside interface, and use DHCP for the outside interface.
• DHCP server—Use a DHCP server on the inside interface for clients.
• Default route—Add a default route through the outside interface.
• NAT—Use interface PAT on the outside interface.
• Access control—Allow traffic from inside to outside.
• SSH—Enable SSH on the FMC access interface.
To configure a basic security policy, complete the following tasks.
• Configure Interfaces, on page 49.
• Configure the DHCP Server, on page 52.
• Add the Default Route, on page 53.
• Configure NAT, on page 55.
• Allow Traffic from Inside to Outside, on page 57.
• Configure SSH on the FMC Access Data Interface, on page 58.
• Deploy the Configuration, on page 95.
Configure Interfaces
Enable FTD interfaces, assign them to security zones, and set the IP addresses. Typically, you must configure at least two interfaces to have a system that passes meaningful traffic. Normally, you would have an outside interface that faces the upstream router or internet, and one or more inside interfaces for your organization's networks. Some of these interfaces might be "demilitarized zones" (DMZs), where you place publicly accessible assets such as your web server.
A typical edge-routing situation is to obtain the outside interface address through DHCP from your ISP, while you define static addresses on the inside interfaces.
The following example configures a routed mode inside interface with a static address and a routed mode outside interface using DHCP.
Cisco Firepower 2100 Getting Started Guide
86
