Hi,

Yes, the gateway was also changed.

Best Regards,

Sabeel

may be we did not get right answer here, have you managing the FTD using FMC, you have changed both the side MGMT IP ?

then i would suggest to deregister and re-register again - if you managing the FTD with  FMC

Hi,

Sorry for not clarifying. There is no FMC in this environment and the FTD is managed using its own GUI. Management IP and gateway has been changed on the management interface. SSH works, but not HTTPs.

Hope that makes more sense.

Best Regards,

Sabeel

So you mean after changing the IP, same IP you able to SSH and not able to use https for GUI access.

Hope you have used below command to change the IP :

onfigure network ipv4 manual <mgmt0 IP> <netmask> <gateway> management0

can you post show network here  (from console ?)

also check any ACL :

Hi Appologies, its 2130 not a 1000 series appliance.

This is the guide i used to change the IP :

https://www.cisco.com/c/en/us/td/docs/security/asa/fxos/config/asa-2100-fxos-config/cli.html#id_54695

so used this command  : 

firepower-2110 /fabric-interconnect # set out-of-band static ip 10.x.x.x netmask 255.255.255.x 

Than added an ip block of :

firepower-2110 /system/services # enter ip-block 10.0.0.0 8 https

firepower-2110 /system/services # enter ip-block 10.0.0.0 8 SSH

see outpu below:

Permitted IP Block:
IP Address Prefix Length Protocol
--------------- ------------- --------
0.0.0.0 0 https
0.0.0.0 0 ssh
3.0.0.0 8 https
3.0.0.0 8 ssh
10.0.0.0 8 https
10.0.0.0 8 ssh

also, which level in the FXOS do i need to be in to enter this command?: 

configure network ipv4 manual <mgmt0 IP> <netmask> <gateway> management0  

Best Regards,

Sabeel

Configurations

In order to enable the FDM On-Box management on the firepower 2100 series proceed as follows.

1. Console access into the FPR2100 chassis and connect to the FTD application.

firepower# connect ftd
>

2. Configure the FTD management IP address.

>configure network ipv4 manual 10.88.243.253 255.255.255.128 10.88.243.1

3. Configure the management type as local.

>configure manager local

4. Configure from which IP addresses/subnets the On-Box management access to the FTD can be allowed.

>configure https-access-list 0.0.0.0/0

below guide explain more :

https://www.cisco.com/c/en/us/support/docs/security/firepower-2100-series/213519-configure-fdm-firepower-device-manageme.html

Hi,

I dont get the connect to ftd option when im in the fxos. these are the options i get:

Firepower# connect <tab>
asa local-mgmt

Best Regards,

Sabeel

Worth noting that we are running this in platform mode and have an ASA running inside it.

we are running this in platform mode and have an ASA running inside it.

If you are running platform mode and sure, then follow below guide :

check on FXOS prompt : what mode running :

# show fxos mode

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/asa-platform.html

Share 

Show route 

Show route management-only

MHM

Hi,

Which level in the FXOS do I need to be in to write this command ? 

Best Regards,

Sabeel

CLISH

MHM

Hi,

I am not able to access the CLISH. The firepower logs straight into privilege exec mode so cannot access expert mode.

I think the routes may be ok though as SSH works from the same machine that is trying to access it via HTTPS. If you still feel its worth checking then I can find a way of getting into user mode.

Best Regards,

Sabeel