Skip to main content



Cisco Defense Orchestrator

Add Interfaces to a Virtual FTD

When you deploy a Firepower Threat Defense Virtual device, you assign interfaces to the virtual machine. Then, from within Firepower Device Manager, you configure those interfaces using the same methods you would use for a hardware device.

However, you cannot add more virtual interfaces to the virtual machine and then have Firepower Device Manager automatically recognize them. If you need more physical-interface equivalents for a Firepower Threat Defense Virtual device, you basically have to start over. You can either deploy a new virtual machine, or you can use the following procedure.

Caution: Adding interfaces to a virtual machine requires that you completely wipe out the Firepower Threat Defense Virtual configuration. The only part of the configuration that remains intact is the management address and gateway settings.

Before You Begin

Do the following in Firepower Device Manager:

  • Examine the Firepower Threat Defense Virtual configuration and make notes on settings that you will want to replicate in the new virtual machine.
  • Select Devices > Smart License > View Configuration and disable all feature licenses.


  1.  Power off the Firepower Threat Defense Virtual device.
  2.  Using the virtual machine software, add the interfaces to the Firepower Threat Defense Virtual device. For VMware, virtual appliances use e1000 (1 Gbit/s) interfaces by default. You can also use vmxnet3 or ixgbe (10 Gbit/s) interfaces
  3.  Power on the Firepower Threat Defense Virtual device.

  4. Open the Firepower Threat Defense Virtual console, delete the local manager, then enable the local manager. Deleting the local manager, then enabling it, resets the device configuration and gets the system to recognize the new interfaces. The management interface configuration does not get reset. The following SSH session shows the commands.

> show managers

Managed locally.

> configure manager delete

If you enabled any feature licenses, you must disable them in Firepower Device Manager before deleting the local manager. Otherwise, those licenses remain assigned to the device in Cisco Smart Software Manager.

Do you want to continue[yes/no] yes

DCHP Server Disabled

> show managers

No managers configured.

> configure manager local


  1. Open a browser session to Firepower Device Manager, complete the device setup wizard, and configure the device. See the "Complete the Initial Configuration" section of the Getting Started chapter of Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version x.x.x, guide for more instructions.
  • Was this article helpful?