Solved: Manually Set WAN Static IP through CLI of FTD managed by FMC

Travis-Fleming · ‎09-23-2020

Hello,

I have to deploy a new FTD 1010 to a remote location. I will be on site later this week, however I don't have the static IP address information yet from the ISP. We deploy the 1010's via the FMC in our data center before we deploy.

Is there a way for me to set it up in the FMC, then in the field change the outside interface IP, default route, and NAT policy to take into account for the static IP address I will learn on site? With an ASA it's easy, all command line.

I should note we put an ISR 4331 behind the firewall and build a DMVPN tunnel out the FMC. I know I could land the internet direct on the router, then hook up the FTD behind the router to get access to the management interface from our offsite FMC, but would just be easier to skip this step and having the need to configure another interface on our 4331.

Marvin Rhoads · ‎09-25-2020

Unfortunately you cannot configure a data plane interface address from the FTD cli (clish). Your less preferred option is the viable one.

View solution in original post

Marvin Rhoads · ‎09-25-2020

Unfortunately you cannot configure a data plane interface address from the FTD cli (clish). Your less preferred option is the viable one.

Travis-Fleming · ‎09-28-2020

I figured as much and that makes sense the northbound device (FMC) wouldn't have a way to get an updated interface IP from a southbound device (FTD) if it was changed there. Luckily the ISP was able to provide me with the static IP address, just 20 minutes before I needed to leave to be on site.