Configure Routed Mode Interfaces
This procedure describes how to set the name, security zone, and IPv4 address.
Note | Not all fields are supported for all interface types. |
Before you begin
-
Firepower 4100/9300
-
(Optional) Configure any special interfaces.
-
Add a Subinterface in management center
-
(Optional) All other models:
Procedure
Step 1 | Select Edit () for your threat defense device. The Interfaces page is selected by default. and click | |||||||||||||||||||||
Step 2 | Click Edit () for the interface you want to edit. | |||||||||||||||||||||
Step 3 | In the Name field, enter a name up to 48 characters in length. You cannot start the name with the phrase "cluster". It is reserved for internal use. | |||||||||||||||||||||
Step 4 | Enable the interface by checking the Enabled check box. | |||||||||||||||||||||
Step 5 | (Optional) Set this interface to Management Only to limit traffic to management traffic; through-the-box traffic is not allowed. | |||||||||||||||||||||
Step 6 | (Optional) Add a description in the Description field. The description can be up to 200 characters on a single line, without carriage returns. | |||||||||||||||||||||
Step 7 | In the Mode drop-down list, choose None. Regular firewall interfaces have the mode set to None. The other modes are for IPS-only interface types. | |||||||||||||||||||||
Step 8 | From the Security Zone drop-down list, choose a security zone or add a new one by clicking New. The routed interface is a Routed-type interface, and can only belong to Routed-type zones. | |||||||||||||||||||||
Step 9 | See Configure the MTU for information about the MTU. | |||||||||||||||||||||
Step 10 | In the Priority field, enter a number ranging from 0–65535. This value is used in the policy based routing configuration. The priority is used to determine how you want to route the traffic across multiple egress interfaces. For more information, see Configure Policy-Based Routing Policy. | |||||||||||||||||||||
Step 11 | Click the IPv4 tab. To set the IP address, use one of the following options from the IP Type drop-down list. High Availability, clustering interfaces only support static IP address configuration; DHCP and PPPoE are not supported.
| |||||||||||||||||||||
Step 12 | (Optional) See Configure IPv6 Addressing to configure IPv6 addressing on the IPv6 tab. | |||||||||||||||||||||
Step 13 | (Optional) See Configure the MAC Address to manually configure the MAC address on the Advanced tab. | |||||||||||||||||||||
Step 14 | (Optional) Set the duplex and speed by clicking .
| |||||||||||||||||||||
Step 15 | (Optional) Enable management center manager access on a data interface on the FMC Access page. You can enable manager access from a data interface when you first setup the threat defense. If you want to enable or disable manager access after you added the threat defense to the management center, see:
If you want to change the manager access interface from one data interface to another data interface, you must disable manager access on the original data interface, but do not disable the interface itself yet; the original data interface must be used to perform the deployment. If you want to use the same IP address on the new manager access interface, you can delete or change the IP configuration on the original interface; this change should not affect the deployment. If you use a different IP address for the new interface, then also change the device IP address shown in the management center; see Update the Hostname or IP Address in the Management Center. Be sure to also update related configuration to use the new interface such as static routes, DDNS, and DNS settings. Manager access from a data interface has the following limitations:
| |||||||||||||||||||||
Step 16 | Click OK. | |||||||||||||||||||||
Step 17 | Click Save. You can now go to and deploy the policy to assigned devices. The changes are not active until you deploy them. |