topic Re: cdFMC, which FTD interface for management? in Network Security

cdFMC, which FTD interface for management?

Jack G — Fri, 07 Nov 2025 22:10:51 GMT

I'm new to using cdFMC and planning to add two FTDs configured for high availability. What are the recommended interfaces for management? Should I use a data interface for management purposes on both firewalls (two public IP addresses)? Additionally, is it possible to switch to the dedicated management interface while still maintaining connectivity between the FTDs and cdFMC? Ideally, I'd like to retain SSH access to the firewalls from the LAN and not have SSH open on the WAN.

Re: cdFMC, which FTD interface for management?

balaji.bandi — Sat, 08 Nov 2025 08:30:11 GMT

If you have out-of-band management to connect to the Internet, then I use the Management interface to connect to CFMCA

good presentation helps you :

https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2023/pdf/BRKSEC-2318.pdf

Re: cdFMC, which FTD interface for management?

Aref Alsouqi — Mon, 10 Nov 2025 15:55:10 GMT

The devices dedicated management interfaces would still need to be configured and you can access the devices from your local LAN just as normal. When the FTDs try to register to the cdFMC they use their outside interface because that traffic will flow securely over the internet. So you don't really have to open up anything from the WAN in terms of management of the devices and for any change that will be deployed from the cdFMC it will be delivered to the devices over the secure management channel between the cdFMC and the FTDs. So, also for that you don't have to open up anything externally.