Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
1
Replies

default gateway for FTD with two management interfaces

tato386
Level 11
Level 11

‎02-14-2026 08:59 PM

I am using an Internet connected data interfaces to manage an FTD from FMC.  This is working as expected.  Now I want to add a 2nd interface as a backup management interface using a data interface connected to to my internal network.   The 2nd interface needs to use a different gateway than what the primary interface is using to route over a VPN.   When I do a "show network" it shows up as using the same gateway as my Internet connected interface.  I added it using the GUI and didn't see any option for setting a gateway. I can't find a way to change it from the management CLI either. There does seem to be a way to setup static routes using the CLI which might help here.  I have attached the output of the "show network" command for reference.

Thanks

ftd_show-network.txt
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎02-15-2026 02:20 AM

When you configure Manager Access on a data interface, the FTD often defaults to using the existing system default gateway for that interface in its "management" context. Since you cannot change this gateway directly via the "show network" CLI or the basic interface settings, you must use Static Routes within the Cisco Secure Firewall Management Center (FMC) to override this behaviour.

check this guide :

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222145-configure-manager-access-on-ftd-from-man.html

Avoid configuring via the CLI, since the FMC overrides some configurations.

You can deploy static content as an example; make changes as needed based on the setup.

To fix the gateway for your secondary management interface (Ethernet1/4):
Configure a Static Route in FMC: Navigate to Devices > Device Management, select your FTD, and go to the Routing tab.
Target the FMC IP: Add a Static Route specifically for the IP address of your FMC.
Interface: Select inf_MySite-inside (Ethernet1/4).
Network: Enter the specific IP of your FMC (or its subnet).
Gateway: Enter the internal gateway IP you want to use for the VPN path.  and deploy the configure to FTD and test it

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card