FTD managed via cdFMC but need to change the management address

LloydD
Level 1

Afternoon all,

Recently we onboarded an FTD 1010 to cdFMC for cloud management. The management of the FTD (by cdFMC) is via its external data interface.

There was a request to change the external IP address and therefore the routing table to a new next hop address. We knew that changing the IP address of this interface would stop sync between the cdFMC and the FTD so we pre-emptively added a new additional route with a metric of 2 pointing to the new next hop address (out to the internet) prior to changing the external interface IP. 
It looked as though all worked, as cdFMC and the FTD synced after this change and we were able to make amendments to the FTD via cdFMC; however, after rebooting the device we have lost connectivity to it (not syncing with cdFMC) and we were unable to ping the next hop address towards the internet via the CLI. Upon further inspection, the routing table now only shows the original route out to the internet and not the newest one we added alongside the change of the external interface. We are in a weird position now where we cannot manage the device via cdFMC to update the routing table, and we cannot seem to find a way to add the route to the device via CLI (which we assume is because it is being managed by cdFMC, so we have limited configuration ability via the device CLI itself).

Any pointers in what we can do to fix this issue without flattening the device and rebuilding?

Many thanks,

Lloyd

Accepted Solutions

LloydD
Level 1

Just waiting to attempt a fix by re-issuing the command:
> configure network management-data-interface

As this will prompt us to reset the data interface, IP address and GATEWAY for management, I am hopeful it will clear out the original static route we set and bounce the interface with the new IP AND correct gateway (and therefore route out to the internet).

Attempting this in the next 5 mins and will report back if it has fixed our issue and regained connectivity to cdFMC. 

4 Replies

nspasov
Cisco Employee

Hi there. Just to confirm, you are using a data-interface and not the OOB management interface to connect to cdFMC?

Also, if you are running version 7.7.x you can use the configure recovery-config CLI to change things such as routing:

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-management-center/223089-use-recovery-config-mode-for-emergency.html

Thank you for rating helpful posts!

 


Hi Nspasov, 
Yes, that is correct: the data interface is being used for management access to cdFMC, NOT the OOB.
Unfortunately, we are running 7.6.2, but have just confirmed that running the above command in my solution "> configure network management-data-interface" has allowed us to reset the interface IP address AND the gateway address, which has allowed connectivity back to cdFMC.

Thank you for pointing out that change on version 7.7+. I will look into this for any future issues we have with routing.

Best regards 

Fantastic! Glad you were able to resolve your issue and thank you for taking the time to come back and share the final outcome!
