• This command sets the data interface DNS server. The Management DNS server that you set with the
setup script (or using the configure network dns servers command) is used for management traffic.
The data DNS server is used for DDNS (if configured) or for security policies applied to this interface.
On the management center, the data interface DNS servers are configured in the Platform Settings policy
that you assign to this threat defense. When you add the threat defense to the management center, the
local setting is maintained, and the DNS servers are not added to a Platform Settings policy. However,
if you later assign a Platform Settings policy to the threat defense that includes a DNS configuration,
then that configuration will overwrite the local setting. We suggest that you actively configure the DNS
Platform Settings to match this setting to bring the management center and the threat defense into sync.
Also, local DNS servers are only retained by the management center if the DNS servers were discovered
at initial registration. For example, if you registered the device using the Management interface, but then
later configure a data interface using the configure network management-data-interface command,
then you must manually configure all of these settings in the management center, including the DNS
servers, to match the threat defense configuration.
• You can change the management interface after you register the threat defense to the management center,
to either the Management interface or another data interface.
• The FQDN that you set in the setup wizard will be used for this interface.
• You can clear the entire device configuration as part of the command; you might use this option in a
recovery scenario, but we do not suggest you use it for initial setup or normal operation.
• To disable data managemement, enter the configure network management-data-interface disable
command.
Example:
> configure network management-data-interface
Data interface to use for management: ethernet1/1
Specify a name for the interface [outside]:
IP address (manual / dhcp) [dhcp]:
DDNS server update URL [none]:
https://deanwinchester:pa$$w0rd17@domains.example.com/nic/update?hostname=<h>&myip=<a>
Do you wish to clear all the device configuration before applying ? (y/n) [n]:
Configuration done with option to allow manager access from any network, if you wish to
change the manager access network
use the 'client' option in the command 'configure network management-data-interface'.
Setting IPv4 network configuration.
Network settings changed.
>
Example:
> configure network management-data-interface
Data interface to use for management: ethernet1/1
Specify a name for the interface [outside]: internet
IP address (manual / dhcp) [dhcp]: manual
IPv4/IPv6 address: 10.10.6.7
Netmask/IPv6 Prefix: 255.255.255.0
Default Gateway: 10.10.6.1
Comma-separated list of DNS servers [none]: 208.67.222.222,208.67.220.220
DDNS server update URL [none]:
Do you wish to clear all the device configuration before applying ? (y/n) [n]:
Cisco Firepower 1010 Getting Started Guide
61
Threat Defense Deployment with a Remote Management Center
Pre-Configuration Using the CLI
To Next Page
Loading...
Need help?
General