topic FTD management interface on FP2100 in Network Security

FTD management interface on FP2100

Antonio Macia — Fri, 21 Feb 2020 17:41:02 GMT

Hi,

We need to setup an FMC on a different subnet than the FTD management interface so I will configure the gateway on this interface to reach the FMC. At the same time, the management interface will be connected to the same network than the production traffic, so it will have an IP on the same range than the internal firewall interface and also a the same static route towards the internal router like the management interface. Is this supported by FTD? Does the management interface reside on a different VRF?

Regards.

Re: FTD management interface on FP2100

Francesco Molino — Mon, 11 Nov 2019 04:00:21 GMT

Hi

The management and data interfaces can be on the same subnet.
Here the documentation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-interfaces.html

Re: FTD management interface on FP2100

Antonio Macia — Mon, 11 Nov 2019 19:06:15 GMT

Hi Francesco,

Thanks for your reply. So I could even have a default route on the management interface of the FP2100 that matches the same default route on the LAN FTD interface, right?

In some document I've read, they suggest to configure the management default GW as the IP of the FTD LAN interface which is kind of strange specially during the initial setup where you need that route to reach the FMC, before configuring the rest of the interfaces.

Regards.

Re: FTD management interface on FP2100

Francesco Molino — Tue, 12 Nov 2019 05:27:03 GMT

Usually when using the same subnet on management and inside, your default gw on mgmt should be the inside interface. However, if you have a switch connecting both interfaces acting as layer 3 you could setup the gw of your management to be the switch IP as well.