• Default route—Add a default route through the outside interface.
• NAT—Use interface PAT on the outside interface.
• Access control—Allow traffic from inside to outside.
To configure a basic security policy, complete the following tasks.
Configure Interfaces, on page 101.
Configure the DHCP Server, on page 104.
Add the Default Route, on page 105.
Configure NAT, on page 107.
Allow Traffic from Inside to Outside, on page 109.
Deploy the Configuration, on page 112.
Configure Interfaces
Enable FTD interfaces, assign them to security zones, and set the IP addresses. Typically, you must configure
at least a minimum of two interfaces to have a system that passes meaningful traffic. Normally, you would
have an outside interface that faces the upstream router or internet, and one or more inside interfaces for your
organization’s networks. Some of these interfaces might be “demilitarized zones” (DMZs), where you place
publically-accessible assets such as your web server.
A typical edge-routing situation is to obtain the outside interface address through DHCP from your ISP, while
you define static addresses on the inside interfaces.
The following example configures a routed mode inside interface with a static address and a routed mode
outside interface using DHCP.
Procedure
Step 1 Choose Devices > Device Management, and click the Edit ( ) for the device.
Step 2 Click Interfaces.
Cisco Firepower 1100 Getting Started Guide
101
Firepower Threat Defense Deployment with FMC
Configure Interfaces
To Next Page
Loading...
