Hello, thanks for the answer.

From what I understand I use the public IP on the FTD-2 in the administration interface to add the FTD-2 to the FMC, now my question is then would I need 2 public IPs on the FTD-2 network? one for the administration ip and another to use it as a WAN interface?

once I add the FTD-2 to the FMC can I change the administration IP to a private IP after creating a VPN tunnel???, what I do not want is to leave the FTD-2 with the administration IP as a public IP.

And well, from what I understand, it is only possible to add remote FTDs if I have public IPs in all my offices, right?

You can either choose to use two public IPs (one for MGMT interface and one for outside data interface), or you can use the data interface to manage the FTD.  Keep in mind there is a limitation for managing FTDs in HA setup using the data interface, so if this is an HA setup you need to use the management interface for now.

You can switch back to the private IP managed over the VPN, but if the VPN is down you will not be able to access the FTD to verify if it is the FTD that there is an issue with or just the VPN.  The management traffic is encrypted so sending it over the internet is not a security issue.  You will need to restrict access to the FTD via SSH but that is easily done.

No, you do not need public IPs in all your offices.  You can have some that have private IPs and managed over VPN and others that are public and managed over the internet.

Hello.

Thanks for the answer, however I don't understand what you mean to do it by private IP by VPN, to create the VPN I need to have a public IP.

Additionally, the VPN would create it with the FTD once added to the FMC, from what I understand, right? Because if I create it before adding it to the FMC, once I add it, the configuration will be deleted.

From what I understand the procedure would be:

1- Add the FTD-2 to the FMC using the public IP on the Mgmt interface.
2- Create the VPN between both FTDs
3- Change the public IP for a private IP in the Mgmt interface.

Am I right or is it not that way?

Thanks for the answer, however I don't understand what you mean to do it by private IP by VPN, to create the VPN I need to have a public IP.  What I meant is that you set up a VPN using the public IP, then you can manage those FTD using the private IPs over the VPN.

Additionally, the VPN would create it with the FTD once added to the FMC, from what I understand, right? Because if I create it before adding it to the FMC, once I add it, the configuration will be deleted.  I am not entirely sure I understand what you are asking here.  If you configure VPN using FDM and then add it to FMC the configuration will be reset / lost.  What you can do is have the FTD sent to you at the main office and then stage the configuration before shipping the FTD to the remote site.  If you do decide to do this configuration remote then, as you probably know, you would need to have access to a PC that can console into the FTD as you will lose connection when changing the interface you use for management.