Support for FDM-Managed Device with Management Access Interface Migration

Note
The Apply Template feature is not supported for a target device that has management access interface. Modify the FDM template manually before applying it on the target FDM-managed device.
When you apply any migrated FDM template on a target device that has management access interface configured, the apply template feature fails due to mismatch in the mapped interfaces. On the target FDM-managed device, the management access interface configuration and the corresponding static routes must be preserved to ensure the connectivity with Security Cloud Control. Therefore, to avoid connectivity failures, you must manually configure the management access interfaces along with required static routes by following these steps, and then apply the FDM template. This section provides the procedure that you must follow to ensure successful migration.

If there are multiple management access interfaces and the interfaces are configured incorrectly or unused, you must update the target FDM-managed device to maintain only the relevant management access interface configured, so that the unused interfaces can be used for the migrated configuration.

Procedure


Step 1

Update the physical interface in the template by modifying the IP address and subnet mask of the data interfaces so that it is the same as that of the management access interface.

Note
The management access interface of the Target FDM-managed device must be mapped with the management access interface in the FDM template. The IP address and subnet mask of the FDM template must be the same as that of the target FDM-managed device.
  1. Navigate to the Security Devices page.

  2. Click the Template tab.

  3. Click the Threat Defense tab and select the FDM device template.

  4. Choose Interface from the Management pane.

  5. Click Edit in the Editing Physical Interface dialog box.

  6. Enter the IP Address and the Subnet Mask.

  7. Click Save.

Step 2

Add the data interface as management access interface in the template settings:

  1. Navigate to the Security Devices page.

  2. Click the Template tab.

  3. Click the Threat Defense tab and select the FDM device template.

  4. Navigate to Settings on the right side of the Management pane.

  5. In the Data Interface pane, click + to add an interface as management access interface.

    Note
    Ensure that the data interface has a name, state, and the IP address.
  6. Click Save.

Step 3

Add or update the static routes with the interfaces associated on the device. When you map the management access interface to an additional interface, set the routing configuration for the selected FDM-managed device.

For more information to add or update the static routes, see Configure Static for Threat Devices.