configure manager add cdo_hostname registration_key nat_id display_name
Example:
Figure 100: configure manager add command components
b) Copy the cdo_hostname, registration_key, and nat_id parts of the command into the Management
Center/CDO Hostname/IP Address, Management Center/CDO RegistrationKey, and NATID fields.
Step 8 Configure the Connectivity Configuration.
a) Specify the FTD Hostname.
This FQDN will be used for the outside interface, or whichever interface you choose for the Management
Center/CDO Access Interface.
b) Specify the DNS Server Group.
Choose an existing group, or create a new one. The default DNS group is called
CiscoUmbrellaDNSServerGroup, which includes the OpenDNS servers.
This setting sets the data interface DNS server. The Management DNS server that you set with the setup
wizard is used for management traffic. The data DNS server is used for DDNS (if configured) or for
security policies applied to this interface. You are likley to choose the same DNS server group that you
used for Management, because both management and data traffic reach the DNS server through the outside
interface.
On CDO, the data interface DNS servers are configured in the Platform Settings policy that you assign
to this threat defense. When you add the threat defense to CDO, the local setting is maintained, and the
DNS servers are not added to a Platform Settings policy. However, if you later assign a Platform Settings
policy to the threat defense that includes a DNS configuration, then that configuration will overwrite the
local setting. We suggest that you actively configure the DNS Platform Settings to match this setting to
bring CDO and the threat defense into sync.
Also, local DNS servers are only retained by CDO if the DNS servers were discovered at initial registration.
c) For the Management Center/CDO Access Interface, choose outside.
You can choose any configured interface, but this guide assumes you are using outside.
Step 9 If you chose a different data interface from outside, then add a default route.
You will see a message telling you to check that you have a default route through the interface. If you chose
outside, you already configured this route as part of the setup wizard. If you chose a different interface, then
you need to manually configure a default route before you connect to CDO. See Configure the Firewall in
the Device Manager, on page 118 for more information about configuring static routes in the device manager.
Step 10 Click Add a Dynamic DNS (DDNS) method.
DDNS ensures CDO can reach the threat defense at its Fully-Qualified Domain Name (FQDN) if the threat
defense's IP address changes. See Device > System Settings > DDNS Service to configure DDNS.
Cisco Firepower 2100 Getting Started Guide
151
Threat Defense Deployment with CDO
Perform Initial Configuration Using the Device Manager
To Next Page
Loading...
Need help?
General