Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4206
Views
10
Helpful
4
Replies

Firepower 4100 , FTD GUI access

BALAMURUGAN SINGARAM
Level 1
Level 1

‎09-23-2018 10:11 AM - edited ‎02-21-2020 08:16 AM

We received new Firepower 4100 series hardware, we are able to access Management IP via GUI but we are  unable to access FTD via GUI, ping is possible.

 

Could you please let me how know to access FTD ? via https  or to access FTD we need FMC as mandatory

Preview file
16 KB
0 Helpful
4 Replies 4

mikael.lahtela
Level 4
Level 4

‎09-28-2018 11:12 AM

Hi,

Not sure what you are asking about, but I would recommend you to use FMC to manage FTD on 4100.
Here is the guide to register FTD to FMC.
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/ftd-4100-qsg.html#pgfId-159072

br, Mikael
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-28-2018 11:49 PM

The "FTD GUI" (local) is known as Firepower Device Manager (FDM). It is not available for FTD on 4100 or 9300 series appliances.

 

As @mikael.lahtela noted, you need to run Firepower Management Center (FMC) on a separate server.

bstewart
Level 1
Level 1
In response to Marvin Rhoads

‎10-18-2018 01:37 PM

Wait, FDM's still only on 2100, not 4100/9300?  But you can't manage FTD from an FMC that's on the outside of your firewall, and I thought CDO-with-FDM was the most likely support direction for next year?  

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bstewart

‎10-18-2018 07:05 PM

FDM is not currently available for FTD on 4100 or 9300 series. This is confirmed in Table 1 here:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-get-started.html

 

You can manage FTD from and FMC that is outside your firewall. There are at least two ways:

 

1. Easiest is to put the management interface on the public subnet. The communications to and from FMC is TLS-encrypted over tcp/8305 so it's no less secure than CDO using the API over TLS to the cloud.

 

2. Second method is to pre-configure the appliance on premises and register to the FMC and then deploy it to the remote site. The traffic can flow from management interface via inside interface and then over site-site IPsec VPN (if you want to keep all private addressing and further protect the confidentiality of the data) or be NATted and reach the remote FMC which you have assigned a public IP with restrictions on the inbound communications on the firewall at that end.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card