Manage an FDM-Managed Device from the Inside Interface

This configuration method:

  • Assumes that the FDM-managed device has not yet been onboarded to CDO.

  • Configures a data interface as the inside interface.

  • Configures the inside interface to accept management traffic (HTTPS).

  • Allows the address of the SDC or cloud connector to reach the inside interface of the device, and no other management source.

Before you begin

Review the prerequisites for this configuration in these topics:

Procedure


Step 1

Log in to the Secure Firewall device manager.

Step 2

In the System Settings menu, click Management Access.

Step 3

Click the Data Interfaces tab and click Create Data Interface.

  a. In the Interface field, select the pre-named "inside" interface from the list of interfaces.

  b. In the Protocols field, select HTTPS if it is not already selected.

  c. In the Allowed Networks field, select the network objects that represent the networks inside your organization that are allowed to reach the inside address of the FDM-managed device. The IP address of the SDC or cloud connector must be among the allowed addresses; keep the list as narrow as possible, because anything in it can reach the device's management interface.

    In the Interface Addresses diagram, the SDC at 192.168.1.10 must be able to reach the inside address 192.168.1.1.

Step 4

Deploy the change. The device can now be managed through the inside interface.


What to do next

What if you are using a Cloud Connector?

Use the procedure above and add these steps:

  • Add a step that creates a NAT rule translating the outside interface address (203.0.113.2) to the inside interface address (192.168.1.1), so that management connections arriving at the outside address are delivered to the inside interface.

  • In step 3c of the procedure above, the Allowed Network is a network group object containing the public IP addresses of the cloud connector for your CDO region (listed below).

  • Add a step that creates an access control rule allowing access to the outside interface (203.0.113.2) from the public IP addresses of the cloud connector, and only from those addresses.

If you are a customer in Europe, the Middle East, or Africa (EMEA), and you connect to CDO at https://defenseorchestrator.eu/, these are the public IP addresses of the cloud connector:

  • 35.157.12.126

  • 35.157.12.15

If you are a customer in the United States, and you connect to CDO at https://defenseorchestrator.com/, these are the public IP addresses of the cloud connector:

  • 52.34.234.2

  • 52.36.70.147

If you are a customer in the Asia-Pacific-Japan-China (APJC) region, and you connect to CDO at https://www.apj.cdo.cisco.com/, allow inbound access from these public IP addresses of the cloud connector:

  • 54.199.195.111

  • 52.199.243.0
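The check that is easy to get wrong in step 3c and in the cloud connector variant is whether the Allowed Networks objects actually contain the address CDO will connect from, and whether they contain far more than that. The following script is an added example for this page, not Cisco's code and not part of FDM or CDO: it takes FDM-style network objects (name to host or CIDR), verifies that every required source address (the SDC at 192.168.1.10 from the diagram, or the cloud connector addresses for the region listed above) is covered, and flags objects such as any-ipv4 that would expose HTTPS management to everyone. The object names and the "/8 or wider is too broad" threshold are assumptions; the addresses are the ones on this page.

```python
"""
Pre-deployment check for the Management Access "Allowed Networks" list.
Added example for this page, not Cisco's code. Network-object names and the
broadness threshold are assumptions; the addresses are copied from the page.
"""
import ipaddress
from typing import Dict, Iterable, List

# Public source addresses of the CDO cloud connector, keyed by the CDO URL
# you log in to (values copied from the page).
CLOUD_CONNECTOR_IPS: Dict[str, List[str]] = {
    "https://defenseorchestrator.eu/": ["35.157.12.126", "35.157.12.15"],
    "https://defenseorchestrator.com/": ["52.34.234.2", "52.36.70.147"],
    "https://www.apj.cdo.cisco.com/": ["54.199.195.111", "52.199.243.0"],
}

# Allowed networks with this prefix length or shorter are flagged as too broad
# for a management interface (assumption: /8 and wider, which includes any-ipv4).
BROAD_PREFIX_LEN = 8


def connector_sources(cdo_url: str) -> List[str]:
    """Return the cloud connector addresses that must be allowed for a CDO region."""
    try:
        return list(CLOUD_CONNECTOR_IPS[cdo_url])
    except KeyError:
        raise ValueError(f"unknown CDO URL: {cdo_url}") from None


def parse_network_objects(objects: Dict[str, str]) -> Dict[str, ipaddress.IPv4Network]:
    """Map FDM-style network objects {name: 'a.b.c.d' or 'a.b.c.d/n'} to networks.
    A bare host address becomes a /32; strict=False tolerates host bits being set."""
    return {name: ipaddress.ip_network(value, strict=False)
            for name, value in objects.items()}


def check_allowed_networks(objects: Dict[str, str],
                           required_sources: Iterable[str]) -> dict:
    """Verify that every required source address is covered by some allowed
    network, and that no allowed network is so broad it defeats the restriction.
    Returns {'ok': bool, 'missing': [addresses], 'broad': [object names]}."""
    nets = parse_network_objects(objects)
    missing = [
        src for src in required_sources
        if not any(ipaddress.ip_address(src) in net for net in nets.values())
    ]
    broad = sorted(name for name, net in nets.items()
                   if net.prefixlen <= BROAD_PREFIX_LEN)
    return {"ok": not missing and not broad, "missing": missing, "broad": broad}


if __name__ == "__main__":
    # Case 1: SDC on the inside LAN (the page's diagram values).
    sdc_objects = {"sdc-host": "192.168.1.10", "inside-lan": "192.168.1.0/24"}
    print("SDC:", check_allowed_networks(sdc_objects, ["192.168.1.10"]))

    # Case 2: cloud connector, US region, group holds only its two addresses.
    us_group = {"cdo-us-1": "52.34.234.2", "cdo-us-2": "52.36.70.147"}
    print("US:", check_allowed_networks(
        us_group, connector_sources("https://defenseorchestrator.com/")))

    # Case 3: EU addresses allowed but the tenant is in the US region.
    eu_group = {"cdo-eu-1": "35.157.12.126", "cdo-eu-2": "35.157.12.15"}
    print("mismatch:", check_allowed_networks(
        eu_group, connector_sources("https://defenseorchestrator.com/")))

    # Case 4: any-ipv4 "works" but exposes HTTPS management to the whole internet.
    print("any:", check_allowed_networks({"any-ipv4": "0.0.0.0/0"}, ["52.34.234.2"]))
```

Run it before you click Deploy in step 4: a non-empty `missing` list means CDO will not be able to reach the device after deployment, and a non-empty `broad` list means the Allowed Networks restriction is doing nothing useful. The script models only the Allowed Networks list; the NAT and access control rules from the cloud connector variant still have to be checked on the device.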

Onboard the FDM-Managed Device

The recommended way to onboard an FDM-managed device to CDO is the registration token approach. After you configure the inside interface to allow management access from the SDC or cloud connector to the FDM-managed device, onboard the FDM-managed device with its user name and password; that method relies on the management access you just configured.