Configuration done with option to allow manager access from any network, if you wish to
change the manager access network
use the 'client' option in the command 'configure network management-data-interface'.
Setting IPv4 network configuration.
Network settings changed.
>
Step 7
(Optional) Limit data interface access to the management center on a specific network.
configure network management-data-interface client ip_address netmask
By default, all networks are allowed.
Step 8
Identify the management center that will manage this threat defense.
configure manager add {hostname | IPv4_address | IPv6_address | DONTRESOLVE} reg_key [nat_id]
• {hostname | IPv4_address | IPv6_address | DONTRESOLVE}—Specifies either the FQDN or IP address
of the management center. If the management center is not directly addressable, use DONTRESOLVE.
At least one of the devices, either the management center or the threat defense, must have a reachable
IP address to establish the two-way, SSL-encrypted communication channel between the two devices.
If you specify DONTRESOLVE in this command, then the threat defense must have a reachable IP
address or hostname.
• reg_key—Specifies a one-time registration key of your choice that you will also specify on the management
center when you register the threat defense. The registration key must not exceed 37 characters. Valid
characters include alphanumerical characters (A–Z, a–z, 0–9) and the hyphen (-).
• nat_id—Specifies a unique, one-time string of your choice that you will also specify on the management
center. When you use a data interface for management, then you must specify the NAT ID on both the
threat defense and the management center for registration. The NAT ID must not exceed 37 characters.
Valid characters include alphanumerical characters (A–Z, a–z, 0–9) and the hyphen (-). This ID cannot
be used for any other devices registering to the management center.
Example:
> configure manager add fmc-1.example.com regk3y78 natid56
Manager successfully configured.
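Added example (not part of the Cisco guide): a Python pre-staging check that applies the Step 7 and Step 8 rules above to a batch of branch devices before the commands are typed at the threat defense CLI. The record layout, the function names, and the manager_network field are assumptions of this example; it emits only the two commands shown in this section.

```python
import ipaddress
import re

# Rule from the guide: at most 37 characters, A-Z, a-z, 0-9 and hyphen.
# Rejecting the empty string is an assumption of this example.
KEY_RE = re.compile(r"[A-Za-z0-9-]{1,37}")


def check_key(label, value):
    if not isinstance(value, str) or not KEY_RE.fullmatch(value):
        raise ValueError(f"{label}: need 1-37 characters from A-Z, a-z, 0-9, '-'")


def build_commands(device, used_nat_ids):
    """Return the CLI lines for one staging record (record layout is hypothetical)."""
    check_key("reg_key", device.get("reg_key"))
    # A NAT ID is mandatory when a data interface is used for management,
    # and it may not be reused by any other device on the management center.
    check_key("nat_id", device.get("nat_id"))
    if device["nat_id"] in used_nat_ids:
        raise ValueError(f"nat_id {device['nat_id']!r} is already used by another device")
    manager = device.get("manager", "")
    if not manager or any(c.isspace() for c in manager):
        raise ValueError("manager: need hostname, IP address or DONTRESOLVE")
    cmds = []
    if device.get("manager_network"):
        # Step 7: restrict manager access instead of allowing all networks.
        # strict=True rejects a CIDR with host bits set, e.g. 10.20.30.5/24.
        net = ipaddress.IPv4Network(device["manager_network"], strict=True)
        cmds.append("configure network management-data-interface client "
                    f"{net.network_address} {net.netmask}")
    cmds.append(f"configure manager add {manager} {device['reg_key']} {device['nat_id']}")
    used_nat_ids.add(device["nat_id"])
    return cmds


if __name__ == "__main__":
    # Constructed sample records; 198.51.100.0/24 is a documentation range.
    staged = [
        {"manager": "fmc-1.example.com", "reg_key": "regk3y78",
         "nat_id": "natid56", "manager_network": "198.51.100.0/24"},
        {"manager": "fmc-1.example.com", "reg_key": "regk3y79", "nat_id": "natid56"},
    ]
    seen = set()
    for rec in staged:
        try:
            print("\n".join(build_commands(rec, seen)))
        except ValueError as err:
            print(f"rejected: {err}")
```

The second constructed record is rejected because it reuses the NAT ID of the first, which the management center would not accept at registration.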
Step 9
Shut down the threat defense so you can send the device to the remote branch office.
It's important that you shut down your system properly. Simply unplugging the power or pressing the power
switch can cause serious file system damage. Remember that there are many processes running in the
background all the time, and unplugging or shutting off the power does not allow the graceful shutdown of
your system.
a) Enter the shutdown command.
b) Observe the Power LED and Status LED to verify that the chassis is powered off (both LEDs appear unlit).
c) After the chassis has successfully powered off, you can then unplug the power to physically remove power
from the chassis if necessary.
Cisco Firepower 1100 Getting Started Guide
Threat Defense Deployment with a Remote Management Center
Pre-Configuration Using the CLI