Firepower Threat Defense Deployment with FDM
• DNS server for management—OpenDNS: (IPv4) 208.67.222.222, 208.67.220.220; (IPv6)
2620:119:35::35, or servers you specify during setup. DNS servers obtained from DHCP are never used.
• NTP—Cisco NTP servers: 0.sourcefire.pool.ntp.org, 1.sourcefire.pool.ntp.org, 2.sourcefire.pool.ntp.org,
or servers you specify during setup
• Default routes
  • Data interfaces—Obtained from outside DHCP, or a gateway IP address you specify during setup
  • Management interface—(6.6 and later) Obtained from management DHCP. If you do not receive a gateway, then the default route is over the backplane and through the data interfaces. (6.5 and earlier) Over the backplane and through the data interfaces
  Note that the Management interface requires internet access for licensing and updates, either over the backplane or using a separate internet gateway. Note that only traffic originating on the Management interface can go over the backplane; otherwise, Management does not allow through traffic for traffic entering Management from the network.
• DHCP server—Enabled on the inside interface and (6.5 and earlier only) management interface
• FDM access—All hosts allowed on Management and inside interfaces.
• NAT—Interface PAT for all traffic from inside to outside
Note
The Management 1/1 interface is a special interface separate from data interfaces that is used for management, Smart Licensing, and database updates. The physical interface is shared with a second logical interface, the Diagnostic interface. Diagnostic is a data interface, but is limited to other types of management traffic (to-the-device and from-the-device), such as syslog or SNMP. The Diagnostic interface is not typically used. See the FDM configuration guide for more information.
Cisco Firepower 2100 Getting Started Guide
Default Configuration