Cisco Community
English
Register
Their endless contributions help thousands around the globe. Meet the new Cisco VIP 2022 Class! LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1093
Views
0
Helpful
3
Replies
Antonio Macia
Participant
Participant
‎11-10-2019 12:29 AM
‎11-10-2019 12:29 AM

FTD management interface on FP2100

Hi,

 

We need to setup an FMC on a different subnet than the FTD management interface so I will configure the gateway on this interface to reach the FMC. At the same time, the management interface will be connected to the same network than the production traffic, so it will have an IP on the same range than the internal firewall interface and also a the same static route towards the internal router like the management interface. Is this supported by FTD? Does the management interface reside on a different VRF?

 

Regards.

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
In response to Antonio Macia
‎11-11-2019 09:27 PM
‎11-11-2019 09:27 PM

Usually when using the same subnet on management and inside, your default gw on mgmt should be the inside interface. However, if you have a switch connecting both interfaces acting as layer 3 you could setup the gw of your management to be the switch IP as well.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
3 REPLIES 3
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
‎11-10-2019 08:00 PM
‎11-10-2019 08:00 PM

Hi

The management and data interfaces can be on the same subnet.
Here the documentation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-interfaces.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Antonio Macia
Participant
Participant
In response to Francesco Molino
‎11-11-2019 11:06 AM
‎11-11-2019 11:06 AM

Hi Francesco,

 

Thanks for your reply. So I could even have a default route on the management interface of the FP2100 that matches the same default route on the LAN FTD interface, right?

In some document I've read, they suggest to configure the management default GW as the IP of the FTD LAN interface which is kind of strange specially during the initial setup where you need that route to reach the FMC, before configuring the rest of the interfaces.

 

Regards.

0 Helpful
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
In response to Antonio Macia
‎11-11-2019 09:27 PM
‎11-11-2019 09:27 PM

Usually when using the same subnet on management and inside, your default gw on mgmt should be the inside interface. However, if you have a switch connecting both interfaces acting as layer 3 you could setup the gw of your management to be the switch IP as well.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Latest Contents
Meet Cisco Secure X- CL event video
Created by Cisco Moderador on 01-21-2022 09:44 AM
0
0
0
0
Community Live Event Video Are you ready to level up your security? Learn more about how Cisco SecureX can help you simplify your security and maximize operational efficiency. This event talks about Cisco SecureX, its benefits, features, and usage. Th... view more
ASA new NAT commands are horrible.
Created by Frank27 on 01-19-2022 10:54 PM
1
10
1
10
Hi all,I cannot understand why is something working very well they create a way to complicate things in Cisco ASA OS. I have a rule :object network LOCAL_ADRESS1 host 192.168.20.12 nat (VLAN20,outside) source static LOCAL_ADRESS1 interface&... view more
Voting period open for the 2021 IT Blog Awards, hosted by Ci...
Created by Amilee San Juan on 01-19-2022 02:45 PM
0
5
0
5
It is our pleasure to officially announce the finalists in the 2021 IT Blog Awards. We are now looking to our amazing tech community to check out the amazing line up of bloggers, vloggers and podcasters. Make sure to vote for your favorites... view more
Meet Cisco Secure X- CL event slides
Created by Cisco Moderador on 01-18-2022 11:18 AM
0
10
0
10
Community Live Event Slides This event talks about Cisco SecureX, its benefits, features, and usage. The session includes sample use cases and live demonstrations. Cisco expert Luis Silva talks about how this solution can integrate Cisco technology and ... view more
Cisco ISE Posture Assessment with Aruba Wireless AP
Created by Mitesh Manwatkar on 01-15-2022 12:46 AM
0
5
0
5
Hello All, Recently I got an opportunity to perform POC with Cisco ISE (2.7 Patch 4) and Aruba Wireless AP (IAP) to perform 802.1x EAP-FAST (machine + user) authentication followed by Posture Assessment on Windows 10 Machines (installed with AnyConnect 4.... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad