Solved: Issues with adding a managed device in FMC

vaibhav.parlekar1 · ‎03-03-2017

Hi,

We have licensed the FMC & FTD 4110 with Smart licensing server. I can see their status as licensed with smart server. Now when I am adding the FTD as a managed device in FMC it asks for a registration key. I am not sure where to find it as per the smart licensing documentation the registration is done using the Token. Where do we get the registration key for adding the managed device?

Just like we add a managed device in FMC do we also need to specify the FMC as the manager on the FTD appliance ?

please let me know.

Regards

Vaibhav

Marvin Rhoads · ‎03-06-2017

You're welcome - please rate if it helped and mark your question as answered.

Yes - an FTD logical device requires a separate dedicated management interface. You cannot use the management port that is used for FCM. (Although you can get into the FTD cli via that interface, it is only via a manual process as you have to connect to the logical device after first logging into the chassis.)

I agree this is not immediately obvious but it is covered in the documentation. Please see the following:

When you deploy the Firepower 4100 with Firepower Threat Defense, you specify a management interface and registration information for the managing Firepower Management Center to allow for Firepower Management Center access.

( I would suggest they highlight this a bit more by adding "must" and calling it out as a document note.)

Source:

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp4100/ftd-4100-qsg.html#12746

View solution in original post

Marvin Rhoads · ‎03-04-2017

Yes - the registration key is between FMC and the managed device only.

It is distinct from licensing (Smart or otherwise) and used to ensure a unique known manager for a given managed device. When you setup the 4110 FTD logical device using the FX-OS FirePOWER Chassis Manager, it will prompt you to enter a registration key.

Please refer to Step 11 in the following section of the FX-OS Configuration Guide:

http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos211/web-config/b_GUI_ConfigGuide_FXOS_211/logical_devices.html#task_4D51AFC7091E4D8F8289F08C6A071459

vaibhav.parlekar1 · ‎03-06-2017

Thanks Marvin,

I followed the same procedure but was having the issue with getting the management interface shown up in the setting up the logical device for registration.

My FTD already had a management IP for the Firepower Chassis manager but nowhere they mention in the documentation that the logical device needs to have it's own management interface for having showing the management interface. After adding a management interface from the data ports in FTD I was finally able to register the device & have the device added successfully to the FMC.

I hope the procedure I followed is right. Does the logical Device In FTD requires it's own management interface besides the firepower chassis manager IP address?

Marvin Rhoads · ‎03-06-2017