Manage an FDM-Managed Device from the Inside Interface
This configuration method:
- Assumes that the FDM-managed device has not been on-boarded to CDO.
- Configures a data interface as the inside interface.
- Configures the inside interface to receive MGMT traffic (HTTPS).
- Allows the address of the cloud connector to reach the inside interface of the device.
Before you begin
Procedure
Step 1. Log in to the Secure Firewall device manager.
Step 2. In the System Settings menu, click Management Access.
Step 3. Click the Data Interfaces tab and click Create Data Interface.
Step 4. Deploy the change. You can now manage the device using the inside interface.
What to do next
What if you are using a Cloud Connector?
Use the procedure above and add these steps:
- Add a step to "NAT" the outside interface (203.0.113.2) to the inside interface (192.168.1.1).
- In step 3c of the procedure above, your "Allowed Network" is a network group object containing the public IP addresses of the cloud connector.
- Add a step that creates an Access Control rule allowing access to the outside interface (203.0.113.2) from the public IP addresses of the cloud connector.
If you are a customer in Europe, the Middle East, or Africa (EMEA), and you connect to CDO at https://defenseorchestrator.eu/, these are the public IP addresses of the cloud connector:
- 35.157.12.126
- 35.157.12.15
If you are a customer in the United States, and you connect to CDO at https://defenseorchestrator.com/, these are the public IP addresses of the cloud connector:
- 52.34.234.2
- 52.36.70.147
If you are a customer in the Asia-Pacific-Japan-China (APJC) region, and you connect to CDO at https://www.apj.cdo.cisco.com/, allow inbound access from the following IP addresses:
- 54.199.195.111
- 52.199.243.0
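An added example, not part of the Cisco documentation: a Python check that compares the entries of an "Allowed Network" group object with the cloud connector addresses listed above for your CDO region, so that HTTPS management access is not left open to other sources. The function name and the sample entries are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Cloud connector addresses per CDO region, copied from the lists on this page.
CONNECTOR_IPS = {
    "defenseorchestrator.eu": ["35.157.12.126", "35.157.12.15"],
    "defenseorchestrator.com": ["52.34.234.2", "52.36.70.147"],
    "www.apj.cdo.cisco.com": ["54.199.195.111", "52.199.243.0"],
}


def audit_allowed_network(cdo_url, entries):
    """Compare an 'Allowed Network' group (hosts or CIDRs) with the
    connector addresses for the region behind cdo_url.

    Returns (missing, excess): connector IPs not covered by any entry, and
    entries that admit addresses other than the connector's."""
    host = urlparse(cdo_url).hostname
    if host not in CONNECTOR_IPS:
        raise ValueError(f"unknown CDO region URL: {cdo_url}")
    expected = [ipaddress.ip_address(ip) for ip in CONNECTOR_IPS[host]]
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    missing = [str(ip) for ip in expected if not any(ip in n for n in nets)]
    excess = []
    for entry, net in zip(entries, nets):
        # Excess: the entry holds at least one address that is not a connector IP.
        covered = sum(1 for ip in expected if ip in net)
        if net.num_addresses > covered:
            excess.append(entry)
    return missing, excess


if __name__ == "__main__":
    # Constructed sample: one exact host, one wide subnet, one catch-all.
    sample = ["52.34.234.2", "52.36.70.0/24", "0.0.0.0/0"]
    missing, excess = audit_allowed_network(
        "https://defenseorchestrator.com/", sample)
    print("connector IPs not allowed:", missing)
    print("entries wider than the connector:", excess)
```
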
Onboard the FDM-Managed Device
The recommended way of onboarding the FDM-managed device to CDO is to use the registration token onboarding approach. After you configure the inside interface to allow management access from the Cloud Connector to the FDM-managed device, onboard the FDM-managed device with the user name and password.