Configuring FTD Basics with FMC

"The What?" - In this blog I will be covering FTD/FMC basics to include managing FTD instances from FMC & deploying/managing interfaces. First, to see more about FMC/FTD Registration/Communications & helpful tips see: FMC & FTD Communication/Registration Tidbit

"The Why?" - Firepower Management Center (FMC) is the admin console that allows you to control a variety of Cisco products on multiple platforms. It can act as the event & policy manager for the following:

  • Cisco Secure Firewall with the Firewall Threat Defense (FTD) OS

  • Cisco ASA with FirePOWER Services

  • Cisco Secure IPS (Firepower Next-Gen IPS / NGIPS)

  • Cisco FirePOWER Threat Defense for ISR

  • Cisco Malware Defense (AMP)

FMC provides extensive intelligence about the users, applications, devices, threats and vulnerabilities that exist in your network. It also uses this information to analyze your network’s vulnerabilities.

"The How?" - Before we dive into some FTD basics, here is the topology I intend to use for the next several posts, which will cover several FTD topics:

Note: to see how to start/shut down FMC/FTD instances, see: FTD/FMC/FCM Startup/Shutdown Process - Cisco 4110 NGFW

I want to start from the perspective of managing FTDv interfaces. Once the FTDv instances are successfully registered to be managed by FMC, we can rely on device management from within FMC:

We can see that I have successfully registered the two FTD instances depicted in the topology diagram (one routed/one transparent as expected).

Next, using FMC I have configured the interfaces to support the topology shared above for FTD2 (routed firewall):

I purposely configured sub-interfaces and a static interface just to show the differences. Lastly, here is the interface snippet for FTD1, the transparent firewall connecting the Windows client to the CSR across VLAN 13 (bottom right in topology):

To get to interface configuration: Device Management->Devices->Click on Device->Interfaces

If you end up encountering FMC policy deployment errors, take a peek at the following tidbit: Troubleshooting FMC Policy Deployment Tidbit

Verifying interface configuration from FTD CLI:



Now all of the respective interfaces have been configured via FMC for both FTD units. All basic routing works between the CSRs, including the Windows client. Shown below is the Windows client traffic traversing the transparent firewall across VLAN 13:

Helpful Commands:

Reconfigure FMC Management Interface from CLI:

Reconfigure FMC interfaces from CLI:

#ifconfig <interface> x.x.x.x 

Reconfigure FMC default route from CLI:

#ip route add default via x.x.x.x

Confirm route:


Change firewall mode on FTD (must deregister from device manager first & remove configured managers from FTD CLI):

Firewall Mode Verification:

That about wraps up this FTD basics post. I will continue to build on this deployment/topology. Take a peek at the <ftd> tag to see more. Cheers!

