Firepower Threat Defense Deployment with a Remote FMC
• You can only enable FMC access on one physical, data interface. You cannot use a subinterface or
EtherChannel.
• This interface cannot be management-only.
• Routed firewall mode only, using a routed interface.
• High Availability is not supported. You must use the Management interface in this case.
• PPPoE is not supported. If your ISP requires PPPoE, you will have to put a router with PPPoE support
between the FTD and the WAN modem.
• The interface must be in the global VRF only.
• You cannot use separate management and event-only interfaces.
• SSH is not enabled by default for data interfaces, so you will have to enable SSH later using FMC.
Because the Management interface gateway will be changed to be the data interfaces, you also cannot
SSH to the Management interface from a remote network unless you add a static route for the Management
interface using the configure network static-routes command.
The following figure shows the FMC at central headquarters and the FTD with FMC access on the outside
interface.
Either the FTD or FMC needs a public IP address or hostname to allow the inbound management
connection; you need to know this IP address for initial setup. You can also optionally configure Dynamic
DNS (DDNS) for the outside interface to accommodate changing DHCP IP assignments.
How Remote Management Works
Cisco Firepower 2100 Getting Started Guide