Solved: Cisco Firepower 1120 - Static IP

Exor · ‎12-12-2022

Hello everyone, I became a System Administrator for a company that manages IT things including Firepower. ATT and I worked together last week to replace their modem.

After replacing modem, the port on Firepower that is connected to modem (GE1/1) kept trying to get the old WAN IP that was in the old modem. I tried to find an option to change the static IP for that port so that it will obtain the correct WAN IP that is usable from the new modem.

I have CCNA cert so I know more about switches and L3 but I don't know much about Firepower. I recently learned that Firepower uses "scope" instead of "configure terminal". I am still unable to find the static IP that is already set to the port.

Do you know where it may be located in? Thank you!

Rob Ingram · ‎12-12-2022

@Exor did you deploy the changes? Nothing is applied until you deploy the changes.

View solution in original post

balaji.bandi · ‎12-12-2022

Command level issue :

>show interfaces and show you old interface IP

change as below :

> configure network ipv4 manual 192.168.100.254 255.255.255.0 192.168.100.1 GigabitEthernet1/1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Exor · ‎12-12-2022

Hello balaji,

Thank you for the reply.

For the ip addresses you mentioned, my guess would be <ip address> <subnet mask> <gateway ip>. Is that correct?

balaji.bandi · ‎12-12-2022

yes correct

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Exor · ‎12-12-2022

Thank you, I will try to do that.

Rob Ingram · ‎12-12-2022

@Exor you have to change the IP address (and all network settings) of a data interface using the Firepower GUI (FDM or FMC). The only interface you can change on the CLI is the mgmt interface. It sounds like from your description you need to change the outside data interface, so you must do that via the GUI.

Exor · ‎12-12-2022

Hello Rob, yes, I am aware of that, and that's what I did but it still grabs old WAN IP, I knew it has something to do with static IP set up in CLI which balaji mentioned. I will be trying that out along with what you mentioned Rob.

Thank you.

Rob Ingram · ‎12-12-2022

@Exor

The command "configure network ipv4 manual" is only going to configure the mgmt interface, so don't configure the WAN ip address using the cli.

Exor · ‎12-12-2022

That's strange because when I disable the interface via GUI, the physical port still shows green light flashing. "show interface" on that port shows that it's up with the old WAN IP.

So, in that case, I am not sure why it's still running even if I disabled it via GUI.

Rob Ingram · ‎12-12-2022

@Exor did you deploy the changes? Nothing is applied until you deploy the changes.

Exor · ‎12-12-2022

How do you do that? I remember seeing about deployment. I do not know the command for that nor from its GUI.

Rob Ingram · ‎12-12-2022

@Exor in the GUI, the deploy button is top right.

You can't deploy the changes from the CLI, you can only perform limited functions related to mgmt configuration and troubleshooting via the CLI.

lcaruso · ‎12-12-2022

Might not be applicable, but in changing many site provider modems the last 12 years, sometimes the upstream device will not relinquish the arp table entry unless you call the provider and ask them to clear the arp table. That is a different but possibly related scenario where the connection is up but traffic is not passing until this is done.

Rob Ingram · ‎12-13-2022

@lcaruso yes, but that doesnt explain why the device still has the old IP address.

Did you deploy the policy as suggested?

From the CLI run "show interface ip brief" does it now display the correct IP address?

Exor · ‎12-13-2022

Sorry for delay, I have not tested yet. I'll be testing it next week. I will update here as soon as I tested it.