https://community.cisco.com/t5/network-security/default-gateway-for-ftd-with-two-management-interfaces/m-p/5370120#M1124465 <P>When you configure<SPAN>&nbsp;</SPAN><STRONG class="Yjhzub" data-complete="true">Manager Access</STRONG><SPAN>&nbsp;on a data interface, the FTD often defaults to using the existing system default gateway for that interface in its "management" context. Since you cannot change this gateway directly via the "show network" CLI or the basic interface settings, you must use&nbsp;</SPAN><STRONG class="Yjhzub" data-complete="true">Static Routes</STRONG><SPAN>&nbsp;within the&nbsp;</SPAN><SPAN class="T286Pc" data-sfc-cp="" data-complete="true">Cisco Secure Firewall Management Center (FMC)</SPAN><SPAN>&nbsp;to override this behaviour.</SPAN></P> <P>check this guide :</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222145-configure-manager-access-on-ftd-from-man.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222145-configure-manager-access-on-ftd-from-man.html</A></P> <P>Avoid configuring via the CLI, since the FMC overrides some configurations.</P> <P>You can deploy static content as an example; make changes as needed based on the setup.</P> <P>To fix the gateway for your secondary management interface (Ethernet1/4):<BR />Configure a Static Route in FMC: Navigate to Devices &gt; Device Management, select your FTD, and go to the Routing tab.<BR />Target the FMC IP: Add a Static Route specifically for the IP address of your FMC.<BR />Interface: Select inf_MySite-inside (Ethernet1/4).<BR />Network: Enter the specific IP of your FMC (or its subnet).<BR />Gateway: Enter the internal gateway IP you want to use for the VPN path.&nbsp; and deploy the configure to FTD and test it</P> <P>&nbsp;</P> Sun, 15 Feb 2026 10:20:53 GMT balaji.bandi 2026-02-15T10:20:53Z https://community.cisco.com/t5/network-security/default-gateway-for-ftd-with-two-management-interfaces/m-p/5370113#M1124464 <P>I am using an Internet connected data interfaces to manage an FTD from FMC.&nbsp; This is working as expected.&nbsp; Now I want to add a 2nd interface as a backup management interface using a data interface connected to to my internal network.&nbsp; &nbsp;The 2nd interface needs to use a different gateway than what the primary interface is using to route over a VPN.&nbsp; &nbsp;When I do a "show network" it shows up as using the same gateway as my Internet connected interface.&nbsp; I added it using the GUI and didn't see any option for setting a gateway. I can't find a way to change it from the management CLI either. There does seem to be a way to setup static routes using the CLI which might help here.&nbsp; I have attached the output of the "show network" command for reference.</P><P>Thanks</P> Sun, 15 Feb 2026 04:59:57 GMT https://community.cisco.com/t5/network-security/default-gateway-for-ftd-with-two-management-interfaces/m-p/5370113#M1124464 tato386 2026-02-15T04:59:57Z https://community.cisco.com/t5/network-security/default-gateway-for-ftd-with-two-management-interfaces/m-p/5370120#M1124465 <P>When you configure<SPAN>&nbsp;</SPAN><STRONG class="Yjhzub" data-complete="true">Manager Access</STRONG><SPAN>&nbsp;on a data interface, the FTD often defaults to using the existing system default gateway for that interface in its "management" context. Since you cannot change this gateway directly via the "show network" CLI or the basic interface settings, you must use&nbsp;</SPAN><STRONG class="Yjhzub" data-complete="true">Static Routes</STRONG><SPAN>&nbsp;within the&nbsp;</SPAN><SPAN class="T286Pc" data-sfc-cp="" data-complete="true">Cisco Secure Firewall Management Center (FMC)</SPAN><SPAN>&nbsp;to override this behaviour.</SPAN></P> <P>check this guide :</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222145-configure-manager-access-on-ftd-from-man.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222145-configure-manager-access-on-ftd-from-man.html</A></P> <P>Avoid configuring via the CLI, since the FMC overrides some configurations.</P> <P>You can deploy static content as an example; make changes as needed based on the setup.</P> <P>To fix the gateway for your secondary management interface (Ethernet1/4):<BR />Configure a Static Route in FMC: Navigate to Devices &gt; Device Management, select your FTD, and go to the Routing tab.<BR />Target the FMC IP: Add a Static Route specifically for the IP address of your FMC.<BR />Interface: Select inf_MySite-inside (Ethernet1/4).<BR />Network: Enter the specific IP of your FMC (or its subnet).<BR />Gateway: Enter the internal gateway IP you want to use for the VPN path.&nbsp; and deploy the configure to FTD and test it</P> <P>&nbsp;</P> Sun, 15 Feb 2026 10:20:53 GMT https://community.cisco.com/t5/network-security/default-gateway-for-ftd-with-two-management-interfaces/m-p/5370120#M1124465 balaji.bandi 2026-02-15T10:20:53Z