Table of Contents
Advertisement
Pre-Configuration Using the CLI
Enter a comma-separated list of search domains or 'none' []:
If your networking information has changed, you will need to reconnect.
For HTTP Proxy configuration, run 'configure network http-proxy'
Manage the device locally? (yes/no) [yes]: no
Configure firewall mode? (routed/transparent) [routed]:
Configuring firewall mode ...
Update policy deployment information
- add device configuration
- add network discovery
- add system policy
You can register the sensor to a Firepower Management Center and use the
Firepower Management Center to manage it. Note that registering the sensor
to a Firepower Management Center disables on-sensor Firepower Services
management capabilities.
When registering the sensor to a Firepower Management Center, a unique
alphanumeric registration key is always required.
a sensor to a Firepower Management Center, you must provide the hostname or
the IP address along with the registration key.
'configure manager add [hostname | ip address ] [registration key ]'
However, if the sensor and the Firepower Management Center are separated by a
NAT device, you must enter a unique NAT ID, along with the unique registration
key.
'configure manager add DONTRESOLVE [registration key ] [ NAT ID ]'
Later, using the web interface on the Firepower Management Center, you must
use the same registration key and, if necessary, the same NAT ID when you add
this sensor to the Firepower Management Center.
>
Step 6
Configure the outside interface for manager access.
configure network management-data-interface
You are then prompted to configure basic network settings for the outside interface. See the following details
for using this command:
• The Management interface cannot use DHCP if you want to use a data interface for management. If you
did not set the IP address manually during initial setup, you can set it now using the configure network
{ipv4 | ipv6} manual command. If you did not already set the Management interface gateway to
data-interfaces, this command will set it now.
• When you add the threat defense to the management center, the management center discovers and
maintains the interface configuration, including the following settings: interface name and IP address,
static route to the gateway, DNS servers, and DDNS server. For more information about the DNS server
configuration, see below. In the management center, you can later make changes to the manager access
interface configuration, but make sure you don't make changes that can prevent the threat defense or the
management center from re-establishing the management connection. If the management connection is
disrupted, the threat defense includes the configure policy rollback command to restore the previous
deployment.
• If you configure a DDNS server update URL, the threat defense automatically adds certificates for all
of the major CAs from the Cisco Trusted Root CA bundle so that the threat defense can validate the
DDNS server certificate for the HTTPS connection. The threat defense supports any DDNS server that
uses the DynDNS Remote API specification
Cisco Firepower 1100 Getting Started Guide
54
Threat Defense Deployment with a Remote Management Center
In most cases, to register
(https://help.dyn.com/remote-access-api/).
Advertisement
Chapters
Table of Contents
