Solved: FTD management over data interface

Chess Norris · ‎11-08-2023

Hello,

I need to pre-stage a Firepower 1010 and send it to one of our remote offices. This device will replace an old 5506-X with ASA software.

The new device will run FTD software and will be managed by a FMC over the Internet using the datainterface.

The FMC is behind an ISP router and is not directly addressable (all devices are sharing a single public IP from the ISP)

When I add this FMC from the FTD device, will it be enough to run the following command?

'configure manager add DONTRESOLVE [registration key ] [ NAT ID ]'

Also, if we were able to get another public IP address from the ISP and could make a static nat pointing to the FMC's private address, would I then run the following command instead or should I still use the NAT ID keyword at the end?

'configure manager add [public ip] [registration key ]

Thanks
/Chess

Marvin Rhoads · ‎11-08-2023

What you have is correct.

You also need to set the remote FTD to use the dataplane interface for management. Here's a video walking you through that:

https://www.youtube.com/watch?v=3m1cY7VxBo8

View solution in original post

Marvin Rhoads · ‎11-08-2023

What you have is correct.

You also need to set the remote FTD to use the dataplane interface for management. Here's a video walking you through that:

https://www.youtube.com/watch?v=3m1cY7VxBo8

MHM Cisco World · ‎11-08-2023

NAT ID use when ftd behind NAT not

FMC behind NAT.

For your case can use outside as mgmt (which is public).

Thanks A Lot
MHM

Chess Norris · ‎11-09-2023

Thank you, guys.

/Chess