Firepower Threat Defense management via data interface

11-15-2024 07:58 AM
I have a pair of Firepower 1120s, in an HA pair, that I want to manage via a data interface. Presently I have them managed via the management interface.
This is for a branch office, that is connected to HQ via IPSec to another pair of FTDs.
I followed the guide online. I enabled management on the outside interface, where the VPN peer is configured, but when I issue the command “configure network ipv4 manual <IP> <Mask> data-interfaces” on the FTD, I can no longer ping the FMC.
The management IP is within the interesting traffic of the VPN.
Labels: ASR 1000 Series
11-15-2024 08:16 AM
You cannot; for HA you cannot use a data interface for mgmt.
I read this in a Cisco doc. Later today I will share the link with you.
Thanks
MHM

11-15-2024 09:05 AM - edited 11-15-2024 09:06 AM
At the threat defense CLI (preferably from the console port), set the Management interface to use a static IP address and set the gateway to use the data interfaces. For high availability, perform this step on both units.
configure network {ipv4 | ipv6} manual ip_address netmask data-interfaces
ip_address netmask — Although you do not plan to use the Management interface, you must set a static IP address, for example, a private address so that you can set the gateway to data-interfaces (see the next bullet). You cannot use DHCP because the default route, which must be data-interfaces, might be overwritten with one received from the DHCP server.
data-interfaces — This setting forwards management traffic over the backplane so it can be routed through the manager access data interface.
