(Firepower and Secure Firewall hardware models) The console port connects to the FXOS CLI. The SSH session connects directly to the Firewall Threat Defense CLI.

At the console port, you connect to the FXOS CLI. The first time you log in to FXOS, you are prompted to change the password. This password is also used for the Firewall Threat Defense login for SSH.

connect ftd

Defaults or previously entered values appear in brackets. To accept previously entered values, press Enter.

See the following guidelines:

• Configure IPv4 via DHCP or manually?—If you want to use a data interface for Firewall Threat Defense access instead of the management interface, choose manual. Although you do not plan to use the management interface, you must set an IP address, for example, a private address. You cannot configure a data interface for management if the management interface is set to DHCP, because the default route, which must be data-interfaces (see the next bullet), might be overwritten with one received from the DHCP server.

• Enter the IPv4 default gateway for the management interface—If you want to use a data interface for Firewall Threat Defense access instead of the management interface, set the gateway to be data-interfaces. This setting forwards management traffic over the backplane so it can be routed through the FMC access data interface.

• If your networking information has changed, you will need to reconnect—If you are connected with SSH but you change the IP address at initial setup, you will be disconnected. Reconnect with the new IP address and password. Console connections are not affected.

• Manage the device locally?—Enter YES to configure the device for the device to be managed by either the Cloud-Delivered Firewall Management Center or Secure Firewall Device Manager.

  Manage the device locally?—Enter NO to configure the device for remote management with the on-premises Firewall Management Center.

• Configure firewall mode?—We recommend that you set the firewall mode at initial configuration. Changing the firewall mode after initial setup erases your running configuration. Note that data interface Firewall Threat Defense access is only supported in routed firewall mode.

configure network management-data-interface

You are then prompted to configure basic network settings for the data interface.

See the following details for using this command. See About Data Interfaces for more informatio.

• The original management interface cannot use DHCP if you want to use a data interface for management. If you did not set the IP address manually during initial setup, you can set it now using the configure network {ipv4 | ipv6} manual command. If you did not already set the management interface gateway to data-interfaces, this command will set it now.

• When you onboard the device for Firewall Threat Defense management through Security Cloud Control, Security Cloud Control discovers and maintains the interface configuration, including the following settings: interface name and IP address, static route to the gateway, DNS servers, and DDNS server. For more information about the DNS server configuration, see below. You can later make changes to the access interface configuration, but make sure you don't make changes that can prevent the device or Security Cloud Control from re-establishing the management connection. If the management connection is disrupted, the device includes the configure policy rollback command to restore the previous deployment.

• This command sets the data interface DNS server. The Management DNS server that you set with the setup script (or using the configure network dns servers command) is used for management traffic. The data DNS server is used for DDNS (if configured) or for security policies applied to this interface.

  Also, local DNS servers are only retained if the DNS servers were discovered at initial registration. For example, if you registered the device using the Management interface, but then later configure a data interface using the configure network management-data-interface command, then you must manually configure all of these settings in Security Cloud Control, including the DNS servers, to match the device configuration.

• You can change the management interface after you onboard the Firewall Threat Defense for Firewall Threat Defense management through threat defense, to either the management interface or another data interface.

• The FQDN that you set in the setup wizard will be used for this interface.

• You can clear the entire device configuration as part of the command; you might use this option in a recovery scenario, but we do not suggest you use it for initial setup or normal operation.

• To disable data managemement, enter the configure network management-data-interface disable command.

configure network management-data-interface client ip_address netmask

By default, all networks are allowed.