Converting a FTD from routed to transparent mode - Management Question

Chess Norris · ‎10-10-2025

Hello,

I want to convert a FTD from routed to transparent mode and put it behind a router. Today I use the data/outside interface to manage this FTD from a FMC in another location. Since the FTD does not have a static IP, I use a dynamic DNS service to be able to manage this FTD.

Now to my question. I want to convert this FTD from routed to transparent, but my only worry is how I should be able to manage this FTD now. I guess this will only be possible if I first configure a VPN tunnel between the router and the FMC location and use the VPN tunnel for management? My other thought was to use the built in FDM to manage the FTD, but i think I read that this is not supported and only FMC can manage a transparent FTD?

Thanks

/Jugge

Aref Alsouqi · ‎10-10-2025

You could go with the VPN solution as you mentioned, or, you could create a static NAT on the router to send the traffic to the FTD BVI IP address or a dedicated management interface. With the transparent firewalls you could leverage the BVI IP for management or having a dedicated management interface.

Karsten Iwen · ‎10-10-2025

I would try a different way:

Instead of transparent mode, I would keep routet mode, and use an inline pair for the connection that you want to control. With that, you have more options for what you can do with that device. The Management-connection to FMC could be kept native, or, as you mentioned, put inside a VPN. You could even build that VPN from one of the remaining ports on the FTD, as you still have the full FTD functionality.

Chess Norris · ‎10-10-2025

Thanks for the suggestions. The more I think of it, I probably keep the FTD in routed mode and either following Karstens advice or make the router to a L2 switch instead.