
FTD: Need to Change MGMT IP

Piyush_Sharma
Beginner

Hi,

 

I need to change the management IP of both FTDs running in HA, and the FMC will be the same.

Please suggest the best way to do it, as after de-registering the previous IP from FMC, we need to re-register to FMC with the new IP.

21 Replies

Interesting, thanks for that. I'll reach out to our Cisco rep for further info. Appreciate your quick response.

Hi Marvin, Thank you very much for the quick & easy method to change the FTD IP.  I have a quick query.

 

Our FTD is registered on FMC via hostname (FQDN). In this case, is it sufficient to change the IP address on the host record in the DNS server and change the IP on the FTD without touching the FMC? Would FMC detect the new IP with the FQDN? Or do I need to follow the above procedure?

If you initially registered the FTD using FQDN, then you should be able to change the IP in the DNS host record without losing connectivity.  You should only have a problem if the FTD can't resolve the name.  I would first test that the FTD can ping the current FQDN just to make sure it's still seeing the FMC by name before changing the record.

 

-John

I have done the changes by changing the host entry and the IP address on the FTD without touching the FMC, and it worked well without any issues. But on FMC it's still showing the old IP address under devices. However, everything is working as expected.

 

One last update.
If you need to change the management IP address from the FMC, but you don't want to lose the configuration on the FTD, you need to visit the FMC, go to the FTD device page, and disable management of it. Then go to the FTD device and change your IP address. Then go back to the FMC, to the same FTD device page where you want to change the management IP, then enable the management.

[Screenshot: Capture.PNG]

Rodrigo nailed it. This is the answer to the OP's question.

 

1) From FMC, click Devices > Device Management, and edit the FTD

2) Go to Device tab under that device in "Management" section (as in Rodrigo's screenshot) and switch the toggle to "Disable Management"

 ** After disabling management for the FTD from FMC, I confirmed I CAN still hit the "management" IP of the FTD and log in by SSH directly. It does not shut down the management/diagnostic on the FTD itself.
 
3) Log in to the FTD by its management IP and change the IP address:
configure network ipv4 manual 10.99.0.24 255.255.255.0 10.99.0.1
 
4) Go back to FMC, click the pencil to edit the "Management" IP and update it to the new one. Then switch back the toggle to "Enable Management"
 
Wait a few minutes and refresh and it should turn green again.
 
At first I thought we may need console access, thinking it might "shutdown" the mgmtIf itself, but it stays up after disabling from FMC. So as long as the "new" IP will still be reachable and we are sure, then we do not necessarily need console (although I would highly recommend changing FTD IP via local console instead of relying on SSH to the new IP, if we are in any way doubtful).
 
Using this method, there was no need to Deploy, all interface config and policies remained and the FMC/FTD reestablished the Mgmt link seamlessly.
 
Thanks Rodrigo and all others for their inputs on the topic.

Shinhas.Shajahan
Beginner

Delete the manager from the FTD: configure manager delete

Remove the device from FMC: Devices > Device Management

Change the IPs of the FTD:

configure network ipv4 manual 10.34.45.64 255.255.255.248 10.34.45.1

Add the manager back on FTD: configure manager add 10.2.9.288 password

Add the FTD to the FMC and reapply the configuration: Devices > Device Management
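
A pre-flight check for the arguments to `configure network ipv4 manual` and `configure manager add`, as an added example that is not part of the thread or any Cisco tooling: it flags a management address that is the network or broadcast address of its subnet, a gateway outside that subnet, and a malformed manager IP before the change is typed over SSH. The function name `check_mgmt_change` is hypothetical; the sample arguments are the ones shown in the two procedures above.

```python
import ipaddress

def check_mgmt_change(ip, mask, gateway, manager=None):
    """Problems with 'configure network ipv4 manual <ip> <mask> <gateway>'
    and, optionally, 'configure manager add <manager> ...'. Empty list = OK."""
    try:
        addr = ipaddress.IPv4Address(ip)
        gw = ipaddress.IPv4Address(gateway)
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    except ValueError as exc:  # also covers invalid netmasks
        return [f"unparseable argument: {exc}"]

    problems = []
    if net.prefixlen < 31:  # /31 and /32 have no network/broadcast address
        if addr == net.network_address:
            problems.append(f"{addr} is the network address of {net}")
        elif addr == net.broadcast_address:
            problems.append(f"{addr} is the broadcast address of {net}")
    if gw == addr:
        problems.append("gateway equals the management address")
    elif gw not in net:
        problems.append(f"gateway {gw} is outside {net}")

    # The manager may be an FQDN (as discussed in the thread); only validate
    # it as an address when it is written in dotted-numeric form.
    if manager and manager.replace(".", "").isdigit():
        try:
            ipaddress.IPv4Address(manager)
        except ValueError as exc:
            problems.append(f"manager address invalid: {exc}")
    return problems

if __name__ == "__main__":
    # Argument sets copied from the two procedures in the thread.
    for args in [("10.99.0.24", "255.255.255.0", "10.99.0.1"),
                 ("10.34.45.64", "255.255.255.248", "10.34.45.1", "10.2.9.288")]:
        issues = check_mgmt_change(*args)
        print(args, "->", "OK" if issues else issues)
```

Running the check from a workstation before the SSH session is useful because a bad address or gateway on the management interface can leave the device reachable only by console.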
