Cisco Firepower 1100 Getting Started Manual page 138

Hide thumbs Also See for Firepower 1100:

Started manual (177 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

Table of Contents

Perform Initial Configuration Using the Device Manager

configure manager add cdo_hostname registration_key nat_id display_name

Example:

Figure 46: configure manager add command components

b) Copy the cdo_hostname, registration_key, and nat_id parts of the command into the Management

Center/CDO Hostname/IP Address, Management Center/CDO Registration Key, and NAT ID fields.

Step 8

Configure the Connectivity Configuration.

a) Specify the FTD Hostname.

This FQDN will be used for the outside interface, or whichever interface you choose for the Management

Center/CDO Access Interface.

b) Specify the DNS Server Group.

Choose an existing group, or create a new one. The default DNS group is called

CiscoUmbrellaDNSServerGroup, which includes the OpenDNS servers.

This setting sets the data interface DNS server. The Management DNS server that you set with the setup

wizard is used for management traffic. The data DNS server is used for DDNS (if configured) or for

security policies applied to this interface. You are likley to choose the same DNS server group that you

used for Management, because both management and data traffic reach the DNS server through the outside

interface.

On CDO, the data interface DNS servers are configured in the Platform Settings policy that you assign

to this threat defense. When you add the threat defense to CDO, the local setting is maintained, and the

DNS servers are not added to a Platform Settings policy. However, if you later assign a Platform Settings

policy to the threat defense that includes a DNS configuration, then that configuration will overwrite the

local setting. We suggest that you actively configure the DNS Platform Settings to match this setting to

bring CDO and the threat defense into sync.

Also, local DNS servers are only retained by CDO if the DNS servers were discovered at initial registration.

c) For the Management Center/CDO Access Interface, choose outside.

You can choose any configured interface, but this guide assumes you are using outside.

Step 9

If you chose a different data interface from outside, then add a default route.

You will see a message telling you to check that you have a default route through the interface. If you chose

outside, you already configured this route as part of the setup wizard. If you chose a different interface, then

you need to manually configure a default route before you connect to CDO. See

the Device Manager, on page 101

Step 10

Click Add a Dynamic DNS (DDNS) method.

DDNS ensures CDO can reach the threat defense at its Fully-Qualified Domain Name (FQDN) if the threat

defense's IP address changes. See Device > System Settings > DDNS Service to configure DDNS.

Cisco Firepower 1100 Getting Started Guide

136

for more information about configuring static routes in the device manager.

Threat Defense Deployment with CDO

Configure the Firewall in

Table of Contents

Chapters

Table of Contents

This manual is also suitable for:

Firepower 2100

Cisco Firepower 1100 Getting Started Manual page 138

Chapters

Related Manuals for Cisco Firepower 1100

Related Products for Cisco Firepower 1100

This manual is also suitable for:

Table of Contents