Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
10
Helpful
4
Replies

Cisco FTD Mgmt over Internet

ssan239
Level 1
Level 1

‎11-28-2022 01:15 AM

Hi All,

We have an FMC which has internet access but we manage it over an MPLS connection. All the FTDs managed by this FMC are connected with the MPLS connection. The Mgmt plane is configured with the IPs learnt via the same MPLS.

Now we have a new requirement where we need to manage the FTD connecting over the Internet. Customer requesting us to configure an internet facing IP and manage it with the same above FMC. Is it achievable? If yes how we can setup the FTD management plane with the internet facing IP and connect it to the FMC which has access over MPLS?

Any suggestions on this is much helpful.

Regards,

Sanjay S

0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎11-28-2022 01:24 AM

With version 6.7 you can use a data interface for your FMC<->FTD connection.There are some restrictions like HA is not supported:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/device_management_basics.html#Cisco_Concept.dita_a3adf1ee-a270-4ff4-8b7b-3f9a3f4f1636

ssan239
Level 1
Level 1
In response to Karsten Iwen

‎11-28-2022 02:58 AM

Thank you Karsten for this info.

But based on this first we need to get the connectivity over the management interface and then migrate it to the Data interface. Is my understanding right? We should use the management interface first to get the connectivity to FMC and then migrate it to the data interface?

Regards,

Sanjay S

0 Helpful

Karsten Iwen
VIP
VIP
In response to ssan239

‎11-28-2022 08:10 AM

I would consider it the easiest to have the device in FMC and then change it. But that is highly subjective ... You also can directly setup the FTD for management over the data-interface when you initially set up the device over the console. It's also noted in the referenced document.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ssan239

‎11-28-2022 08:45 AM

Doing directly from the start using "configure network management-data-interface" (as noted in the document referenced by @Karsten Iwen) works fine.

That's also how Cisco is teaching it in the internal advanced FTD Field Engineering course offered to staff and partners. I labbed it during that course and it worked fine.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card