cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
312
Views
0
Helpful
1
Replies

FTD 1010 (7.0.1) Outside interface management

kylerossd
Enthusiast
Enthusiast

Hello,

I have two questions regarding the FTDs ability to have management moved off the management interface to the outside interface.  I do not have a FTD 1010 to play with in the lab. In the documentation it says that we can issue the command configure network management-data-interface and connect the FMC to the outside interface. 

  1. Am I still able to access the management interface after issuing this command?
  2. The IP Address I assign is that the outside interface IP address for the firewall, or would this be an additional address?  For example I use this command and assign .101.  Once it is registered to the FMC is this the outside interface or do I go add .100 after in the configuration?
> configure network management-data-interface
Data interface to use for management: ethernet1/1
Specify a name for the interface [outside]: internet
IP address (manual / dhcp) [dhcp]: manual
IPv4/IPv6 address: 10.10.6.7
Netmask/IPv6 Prefix: 255.255.255.0
Default Gateway: 10.10.6.1
Comma-separated list of DNS servers [none]: 208.67.222.222,208.67.220.220
DDNS server update URL [none]:
Do you wish to clear all the device configuration before applying ? (y/n) [n]:

Configuration done with option to allow manager access from any network, if you wish to change the manager access network
use the 'client' option in the command 'configure network management-data-interface'.

Setting IPv4 network configuration.
Network settings changed.

 

1 Reply 1

urathod
Cisco Employee
Cisco Employee

Hello Kylerossd,

Once "configure network management-data-interface" command is executed, the Management default route will be changed to route through the data interfaces. And If you are connected to the Management interface with SSH, your connection may drop. You must reconnect using the console port.

Also 1 interface will have only IP address assigned to it. so IP which you will be assigning to interface ethernet1/1 will be your management ip.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers