This post is to guide you through the steps to integrate a Firepower Threat Defense (FTD) Firewall to the Firepower Management Center (FMC) for centralised management. For this integration I am using FTD 2110 and virtual FMC deployed in VMware ESXi.
- Log in to the FTD through the console or SSH and enter the command below to point the device at the FMC. You need the FMC IP address and a registration key. The registration key is a one-time shared secret that you choose here and enter again when you add the device in the FMC; the two values must match.
Note: If the FTD-to-FMC communication passes through another firewall, make sure the required ports are open. The FMC requires TCP 443 (inbound) and TCP 8305 (inbound and outbound); 8305 carries the management channel between the FTD and the FMC.
>configure manager add [FMC_IP_Address] [Registration_Key]
- Use the command below to check the status of the registration:
>show managers
- Now log in to the FMC and select Devices, then Device Management.
- Click Add, then Add Device.
- Choose an Access Control Policy to apply to the FTD. If you do not have one yet, the FMC can create one of three default policies:
Block All Traffic: as the name implies, it blocks all traffic.
Intrusion Prevention: a Balanced Security and Connectivity intrusion policy is created to inspect the traffic.
Network Discovery: it allows all traffic and performs network discovery only.
Since this is the initial configuration of the FTD, I am using the Network Discovery policy.
- Enter the details of the FTD and the same Registration Key you configured on the FTD, select the Smart Licensing entitlements, and add the device to the FMC.
- If the Registration Key matches the one configured on the FTD and the FMC and FTD can reach each other, the FTD registers with the FMC. Make sure there is a green tick next to the FTD in Device Management; this indicates that the registration succeeded.
- Registration can also be verified from the FTD CLI with show managers.
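As an added example, not part of the original post or of Cisco's tooling, the following Python script wraps the two checks a practitioner would want around this procedure: a pre-flight test that the ports the note above lists (TCP 443 and 8305) are reachable from a host on the FTD's management network, and a parser that reads `show managers` output and reports whether the registration has completed. The `show managers` output embedded below is a constructed sample modelled on the "Key : Value" layout the FTD CLI prints; confirm the field names against your own FTD version. The FMC address 192.0.2.10 is a documentation address, not a real FMC.

```python
"""Pre-flight and status checks for FTD-to-FMC registration (added example).

Assumptions: the sample `show managers` output is constructed, not captured from a
real device, and 192.0.2.10 is a placeholder FMC address. Run this from a host on
the same management path as the FTD, not on the FTD itself.
"""
import re
import socket

# Ports the tutorial says must be open between the FTD and the FMC.
FMC_PORTS = {
    443: "FMC web UI (inbound to FMC)",
    8305: "FTD/FMC management channel (both directions)",
}


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unroutable, DNS failure
        return False


def preflight(fmc_host: str, timeout: float = 3.0) -> dict:
    """Check every required port; returns {port: reachable?}."""
    return {port: tcp_reachable(fmc_host, port, timeout) for port in FMC_PORTS}


def parse_show_managers(output: str) -> dict:
    """Parse 'Key : Value' lines from `show managers` into a dict with lower-case keys.

    Lines that do not fit the pattern (such as the echoed prompt) are ignored.
    """
    fields = {}
    for line in output.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2)
    return fields


def registration_completed(output: str) -> bool:
    """True only when the Registration field reads 'Completed' (case-insensitive)."""
    return parse_show_managers(output).get("registration", "").lower() == "completed"


# Constructed samples: what `show managers` might print before and after registration.
SAMPLE_PENDING = """\
> show managers
Host                      : 192.0.2.10
Registration Key          : ****
Registration              : pending
RPC Status                :
"""

SAMPLE_COMPLETED = """\
> show managers
Type                      : Manager
Host                      : 192.0.2.10
Display name              : fmc.example.local
Registration              : Completed
Management type           : Configuration
"""


def demo_local_check() -> tuple:
    """Offline self-test of tcp_reachable: open a throw-away localhost listener,
    check it, close it, check again. Returns (reachable_while_open, reachable_after_close)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_reachable("127.0.0.1", port, 1.0)
    srv.close()
    after_close = tcp_reachable("127.0.0.1", port, 1.0)
    return (while_open, after_close)


if __name__ == "__main__":
    fmc = "192.0.2.10"  # placeholder; replace with your FMC management address
    for port, ok in preflight(fmc).items():
        print(f"TCP {port:<5} {'open' if ok else 'BLOCKED'}  {FMC_PORTS[port]}")
    for label, sample in (("pending", SAMPLE_PENDING), ("completed", SAMPLE_COMPLETED)):
        print(f"sample '{label}': registration completed = {registration_completed(sample)}")
    print("local self-test (expect (True, False)):", demo_local_check())
```

A blocked 8305 shows up as a timeout rather than a refusal when a firewall silently drops the traffic, which is why the check treats any OSError, including the timeout, as unreachable; a refused 443 with an open 8305 still lets the registration proceed and only affects access to the FMC web UI.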
Now the FTD is registered with FMC and ready to be managed from FMC.