(Optional) Change Management Network Settings at the CLI, on page 67.FTD CLI
Log Into FDM, on page 69.Firepower Device
Manager
Complete the Initial Configuration, on page 70.Firepower Device
Manager
(Optional) Configure Licensing, on page 72: Obtain feature licenses.Cisco Commerce
Workspace
Configure Licensing, on page 72: Generate a license token.Smart Software
Manager
Configure Licensing, on page 72: Register the device with the Smart Licensing
Server.
Firepower Device
Manager
Configure the Device in Firepower Device Manager, on page 78.Firepower Device
Manager
Review the Network Deployment and Default Configuration
You can manage the FTD using FDM from either the Management 1/1 interface or the inside interface. The
dedicated Management interface is a special interface with its own network settings.
The following figure shows the recommended network deployment. If you connect the outside interface
directly to a cable modem or DSL modem, we recommend that you put the modem into bridge mode so the
FTD performs all routing and NAT for your inside networks. If you need to configure PPPoE for the outside
interface to connect to your ISP, you can do so after you complete initial setup in FDM.
If you cannot use the default management IP address (for example, your management network does not include
a DHCP server), then you can connect to the console port and perform initial setup at the CLI, including
setting the Management IP address, gateway, and other basic networking settings.
If you need to change the inside IP address, you can do so after you complete initial setup in FDM. For
example, you may need to change the inside IP address in the following circumstances:
• (7.0 and later) The inside IP address is 192.168.95.1. (6.7 and earlier) The inside IP address is 192.168.1.1.
If the outside interface tries to obtain an IP address on the 192.168.1.0 network, which is a common
default network, the DHCP lease will fail, and the outside interface will not obtain an IP address. This
problem occurs because the FTD cannot have two interfaces on the same network. In this case you must
change the inside IP address to be on a new network.
• If you add the FTD to an existing inside network, you will need to change the inside IP address to be on
the existing network.
Note
The following figure shows the default network deployment for FTD using FDM with the default configuration.
Cisco Firepower 1100 Getting Started Guide
63
Firepower Threat Defense Deployment with FDM
Review the Network Deployment and Default Configuration
To Next Page
Loading...
Need help?
General