09-13-2023 07:46 AM
One of our remote sites is getting a new internet circuit that will require me to change the outside IP address of the FTD at that site.
Both circuits will be active during the change.
Is it possible to change the outside interface address, subnet, and default route via FMC, deploy, then move the interface over to the new circuit?
I've read a lot of conversations that say I need to de-register and re-register, but that would cause a large disruption and need to reapply all policies, NAT, etc.
09-13-2023 09:53 AM
If you are migrating from one ISP to another ISP, the IP address space changes.
The safe method is to change the IP locally and re-register with FMC.
Yes, you need to check the objects associated with the IP and make the necessary new object changes and policies before you change the IP.
09-15-2023 08:10 AM
I'm going to lab this and see if it can be done easier than unregistering.
I will post my results here.
09-15-2023 12:30 PM
This worked.
I changed the outside interface address to an address on the new circuit and changed the default route to the router on the new circuit. I chose save, then hit deploy.
I monitored "show network" on the console of the device until the IP address changed, then moved the outside interface of the FTD to the new circuit. The only thing I did after that was in Device Management / Device: I changed the IP address in the Management tile to the new address. It seems to have worked without issue. It was just a matter of timing.
09-17-2023 07:42 AM - edited 09-17-2023 07:44 AM
Nice work! Depending on your code version, you can also change the outside IP address from the CLI on the FTD now. You can fire off the wizard using the CLISH command on the FTD:
> configure network management-data-interface
Data interface to use for management: ethernet1/1
Specify a name for the interface [outside]: internet
IP address (manual / dhcp) [dhcp]: manual
IPv4/IPv6 address: 10.10.6.7
Netmask/IPv6 Prefix: 255.255.255.0
Default Gateway: 10.10.6.1
Comma-separated list of DNS servers [none]: 208.67.222.222,208.67.220.220
DDNS server update URL [none]:
Do you wish to clear all the device configuration before applying ? (y/n) [n]:
Configuration done with option to allow FMC access from any network, if you wish to change the FMC access network
use the 'client' option in the command 'configure network management-data-interface'.
Setting IPv4 network configuration.
Network settings changed.
>
An OOB connection in the case of a goof is always recommended.