Beginner

connection firepower 1120 to firepower management center

Hello everybody.

Is it correct that I should use only the management interface on this device to add it to Firepower Management Center? Or can I do this via a data interface?

And next question: can I register this device in the smart account before adding it, or can I do it after this action? I need to add only a VPN license to this FP 1120.

Hall of Fame Guru

Re: connection firepower 1120 to firepower management center

Only the management interface. It needs to reach FMC on tcp/8305 (and vice versa - traffic is initiated by both ends for different reasons).

When managing with FMC, the Smart licensing is handled there. FMC registers to your smart account and requests the licenses that you have assigned (in FMC device management) to the device(s).
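Because tcp/8305 sessions are initiated from both ends, any filtering device between the two management networks has to permit the port in both directions. The following is an added example, not part of the original thread and not Cisco code, that checks a first-match rule list for this. The rule format, the FTD management address 10.14.20.5 and the sample rules are constructed assumptions; only the FMC address and the port come from the thread.

```python
import ipaddress

MGMT_PORT = 8305          # port named in the reply above
FMC = "10.14.10.20"       # FMC address used in the thread
FTD_MGMT = "10.14.20.5"   # assumed FTD management address (not from the thread)

# Constructed sample rules for a hypothetical stateful firewall between the
# management networks. Evaluated top-down, first match wins; "port" is the
# destination port of a new session, None means any port.
SAMPLE_RULES = [
    {"action": "permit", "src": "10.14.20.0/24", "dst": "10.14.10.20/32",
     "proto": "tcp", "port": 8305},
    {"action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "proto": "any", "port": None},
]

def first_match(rules, src, dst, proto, port):
    """Return the action of the first rule matching the flow, else implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] not in ("any", proto):
            continue
        if r["port"] is not None and r["port"] != port:
            continue
        if s in ipaddress.ip_network(r["src"]) and d in ipaddress.ip_network(r["dst"]):
            return r["action"]
    return "deny"

def blocked_directions(rules, ftd=FTD_MGMT, fmc=FMC):
    """List the directions in which a new tcp/8305 session would be dropped."""
    flows = {"FTD->FMC": (ftd, fmc), "FMC->FTD": (fmc, ftd)}
    return [name for name, (src, dst) in flows.items()
            if first_match(rules, src, dst, "tcp", MGMT_PORT) != "permit"]

if __name__ == "__main__":
    # The sample rule set only allows sessions opened by the FTD.
    print("one-way rule set:", blocked_directions(SAMPLE_RULES))
    # Adding the mirror-image permit above the deny covers FMC-initiated sessions.
    fixed = [{"action": "permit", "src": "10.14.10.20/32", "dst": "10.14.20.0/24",
              "proto": "tcp", "port": 8305}] + SAMPLE_RULES
    print("with return-direction rule:", blocked_directions(fixed))
```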

 

Beginner

Re: connection firepower 1120 to firepower management center

I have gradually come to this conclusion. Twice I tried to add Firepower to FMC via the data interface (ethernet 2 and ethernet 3), but both times Firepower was reset to completely zero settings and I had to connect to it via console cable and configure it from the beginning.

If I want to add it, I should run the following commands

from the FP1120 side

> configure manager
add Configure managing Defense Center
delete Remove managing Defense Center
local Configure local manager

> configure manager add 10.14.10.20
Alpha-numeric between 2 and 36 chars registration key

> configure manager add 10.14.10.20 Cisco123

If you enabled any feature licenses, you must disable them in Firepower Device Manager before deleting the local manager.
Otherwise, those licenses remain assigned to the device in Cisco Smart Software Manager.
Do you want to continue[yes/no]:yes

 

from fmc side - see scr

host - ip mgmt fp1120

key - Cisco123 (same for both sides)

smart license - VPN only (if I understood correctly, I can add it via FMC after registration)

Hall of Fame Guru

Re: connection firepower 1120 to firepower management center

Beginner

Re: connection firepower 1120 to firepower management center

Thanks, it works. But after adding the FP to FMC, all settings were reset to zero, even the interface IPs.

> show interface ip brief
Interface             IP-Address     OK?  Method  Status      Protocol
Internal-Data0/0      unassigned     YES  unset   up          up
Ethernet1/1           unassigned     YES  unset   admin down  down
Ethernet1/2           unassigned     YES  unset   admin down  down
Ethernet1/3           unassigned     YES  unset   admin down  down
Ethernet1/4           unassigned     YES  unset   admin down  down
Ethernet1/5           unassigned     YES  unset   admin down  down
Ethernet1/6           unassigned     YES  unset   admin down  down
Ethernet1/7           unassigned     YES  unset   admin down  down
Ethernet1/8           unassigned     YES  unset   admin down  down
Ethernet1/9           unassigned     YES  unset   admin down  down
Ethernet1/10          unassigned     YES  unset   admin down  down
Ethernet1/11          unassigned     YES  unset   admin down  down
Ethernet1/12          unassigned     YES  unset   admin down  down
Internal-Control1/1   unassigned     YES  unset   up          up
Internal-Data1/1      169.254.1.1    YES  unset   up          up
Internal-Data1/2      unassigned     YES  unset   up          up
Management1/1         unassigned     YES  unset   up          up
>

 

Hall of Fame Guru

Re: connection firepower 1120 to firepower management center

Yes - that's expected behavior.

Once you change to FMC management, any configuration items (except the management interface settings) made using FDM are erased.

Beginner

Re: connection firepower 1120 to firepower management center

Thanks for the answer.

And I have one last question: how can I change the time zone for the current device in FMC? In the FMC itself, I changed the time in the user settings (use the preferred time zone) and created a policy for NTP for the FP1120, but the time zone is still UTC 0.

It looks like I can do it only via CLI

ls -l /usr/share/zoneinfo/Etc or Utc, but there isn't UTC+3 Moscow time in these directories...

Hall of Fame Guru

Re: connection firepower 1120 to firepower management center

The FMC appliance itself uses the configured timezone globally in the GUI (as you noted). You can also set what's seen per user in the GUI under User > Settings as I believe you have found as well.

Managed devices (FTD, Firepower service modules, classic Firepower appliances) and the FMC OS all use UTC. This was explained in the following discussion from a while back:

https://community.cisco.com/t5/network-security/ftd-2100-ntp-timezone-issue/td-p/3371929