Turns out the only way for this to work properly is to assign a separate public IP to the Mgmt port on the FTD2110's. Running the connectivity for the mgmt. port through your firewall inside/outside interfaces is too risky. If you push a firewall config that can break the connectivity to the mgmt. port, you're firewall is "dead in the water" until you go onsite and console back in. Some other engineers have expressed a complete config wipe has been necessary, and then starting back from scratch.
Cisco is supposed to be working on a way to lock down the access to the mgmt. port if it has a public IP, but for now it is wide open to the public.
Best solution: Don't use the new FTD firewalls if you cannot deploy a FMC behind it. They're not ready for remote deployments, so an ASA w/FP module is your best choice.