Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
210
Views
6
Helpful
7
Replies

Management Interface x Data Interfaces

Go to solution
Otvforte
Level 1
Level 1

‎07-08-2025 11:36 AM

Hello,

I understood that connections to the FTD itself, cannot be filtered using FDM ACE only.

So, I'm looking for the right option where I can ensure that the connections to manage FTD (web/ssh) are disable and not exposed to the internet (default). 

Cisco documentation mentions these two options, but I couldn't understand exactly the difference: Management Interface and Management Data.

Thank you

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to Otvforte

‎07-08-2025 11:52 AM - edited ‎07-08-2025 11:53 AM

@Otvforte not quite. the "Management Access" section relates to the management and data interfaces. You would select the correct tab - "Management Interface" or "Data Interface", then configured required access on the specific interface.

https://www.cisco.com/c/en/us/td/docs/security/firepower/770/fdm/fptd-fdm-config-guide-770/fptd-fdm-system.html#concept_6FFA959431C84299B9EDCF19160266AD

 

View solution in original post

7 Replies 7

Go to solution
Rob Ingram
VIP
VIP

‎07-08-2025 11:40 AM

@Otvforte the management interface is optional (you don't need to use it), is dedicated for management purposes, usually connected to the internal LAN.

The data interfaces are the inside, outside or dmz etc, typically you would not enable mgmt services (ssh, https) on the outside or dmz interfaces. If you do enable management services on the outside interface, restrict this to known hosts.

Go to solution
MHM Cisco World
VIP
VIP

‎07-08-2025 11:45 AM

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/222872-configure-management-access-for-ssh-and.html

this guide for SSH/HTTP access to FTD 

mgmt interface use for FMC and FDM 
data interface use mostly for FDM 

MHM

Go to solution
Otvforte
Level 1
Level 1

‎07-08-2025 11:47 AM - edited ‎07-08-2025 11:55 AM

I see, so Management Access / Management Interface option is about that one exclusive for management purposes:

Otvforte_0-1752000397774.png

Thank you for this clarification

 

Go to solution
MHM Cisco World
VIP
VIP
In response to Otvforte

‎07-08-2025 11:52 AM - edited ‎07-08-2025 11:56 AM

Correct 
you access FTD via mgmt interface so select it to harden your FTD 

Screenshot (275).png

MHM

Go to solution
Rob Ingram
VIP
VIP
In response to Otvforte

‎07-08-2025 11:52 AM - edited ‎07-08-2025 11:53 AM

@Otvforte not quite. the "Management Access" section relates to the management and data interfaces. You would select the correct tab - "Management Interface" or "Data Interface", then configured required access on the specific interface.

https://www.cisco.com/c/en/us/td/docs/security/firepower/770/fdm/fptd-fdm-config-guide-770/fptd-fdm-system.html#concept_6FFA959431C84299B9EDCF19160266AD

 

Go to solution
Otvforte
Level 1
Level 1

‎07-08-2025 11:58 AM

My mistake, I wrote Management Access / Management Access, it should be Management Access / Management Interface. Thank you.

Go to solution
MHM Cisco World
VIP
VIP

‎07-08-2025 12:12 PM - edited ‎07-08-2025 12:13 PM

https://youtu.be/-bS8-iwhyMc?si=XvP9m93AuJVMDoa4

This how we can mgmt ftd from data interface instead of mgmt interface.

But I must mention it local mgmt fdm so I dont prefer you use data interface at all.

Use for local mgmt mgmt interface.

Anyway this for your info

BUT cor FMC data interface is better 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card