Software Secure Firewall Threat Defense
Platform Secure Firewall Threat Defense Virtual
Activity Onboard


Last updated: Jul 29, 2025

Change the Manager Access Interface from Data to Management

You can manage the Firewall Threat Defense from either the dedicated Management interface or from a data interface. If you want to change the manager access interface after you added the device to the Firewall Management Center, follow these steps to migrate from a data interface to the Management interface. To migrate the other direction, see Change the Manager Access Interface from Management to Data.

Initiating the manager access migration from data to Management causes the Firewall Management Center to apply a block on deployment to the Firewall Threat Defense. You must disable manager access on the data interface to remove the block.

See the following steps to disable manager access on a data interface, and also configure other required settings.

Before you begin

For high-availability pairs, unless stated otherwise, perform all steps only on the active unit. Once the configuration changes are deployed, the standby unit synchronizes configuration and other state information from the active unit.

Procedure

1

Initiate the interface migration.

  1. On the Devices > Device Management page, click Edit (edit icon) for the device. Click Device, and in the Management area, click the link for Manager Access Interface.

    The Manager Access Interface field shows the current management interface as data. When you click the link, choose the new interface type, Management Interface, in the Manage device by drop-down list.

    Figure 1: Manager Access Interface
  2. Click Save.

    Click OK and then Close.

    You must now complete the remaining steps in this procedure to enable manager access on the Management interface. The Management area now shows the Manager Access Interface: Management Interface.

    Figure 2: Manager Access
2

Disable manager access on the data interface(s). Click Interfaces, click Edit (edit icon) for the interface, and then click Manager Access.

Uncheck Enable management access and click OK. Click Save on the Interfaces page. This step removes the block on deployment.

3

If you have not already done so, configure DNS settings for the data interface in a Platform Setting policy, and apply it to this device at Devices > Platform Settings > DNS.

See DNS. The Firewall Management Center deployment that disables manager access on the data interface will remove any local DNS configuration. If that DNS server is used in any security policy, such as an FQDN in an Access Rule, then you must re-apply the DNS configuration using the Firewall Management Center.

4

Deploy configuration changes.

The Firewall Management Center will deploy the configuration changes over the current data interface.

5

If necessary, re-cable the Firewall Threat Defense so it can reach the Firewall Management Center on the Management interface. For high availability, perform this step on both units.

6

At the Firewall Threat Defense CLI, configure the Management interface IP address and gateway using a static IP address or DHCP. For high availability, perform this step on both units.

When you originally configured the data interface for manager access, the Management gateway was set to data-interfaces, which forwarded management traffic over the backplane so it could be routed through the manager access data interface. You now need to set an IP address for the gateway on the management network.

Static IP address:

configure network {ipv4 | ipv6} manual ip_address netmask gateway_ip

DHCP:

configure network {ipv4 | ipv6} dhcp
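
A pre-flight check for the static form of the command in this step, added here as an example (it is not from the original page and is not Cisco tooling): it confirms that the gateway is a usable next hop on the Management network before the command is typed on each unit. It covers IPv4 only; the function names and the 192.0.2.0/24 addresses are constructed for illustration.

```python
import ipaddress


def build_mgmt_command(ip, netmask, gateway):
    """Return the static IPv4 command from step 6, or raise ValueError."""
    iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")  # rejects bad masks
    gw = ipaddress.IPv4Address(gateway)
    net = iface.network
    if gw not in net:
        raise ValueError(f"gateway {gw} is outside Management network {net}")
    if gw == iface.ip:
        raise ValueError(f"gateway {gw} is the unit's own Management address")
    # In /30 and larger networks the first and last addresses are not hosts.
    if net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        raise ValueError(f"gateway {gw} is the network or broadcast address")
    return f"configure network ipv4 manual {iface.ip} {net.netmask} {gw}"


def plan_units(units):
    """Map unit name -> command; for HA, each unit needs a distinct address."""
    commands, seen = {}, {}
    for name, (ip, netmask, gateway) in units.items():
        addr = ipaddress.IPv4Address(ip)
        if addr in seen:
            raise ValueError(f"{name} reuses {addr}, already planned for {seen[addr]}")
        seen[addr] = name
        commands[name] = build_mgmt_command(ip, netmask, gateway)
    return commands


# Constructed sample values (RFC 5737 documentation range), not from the page.
SAMPLE_UNITS = {
    "active": ("192.0.2.10", "255.255.255.0", "192.0.2.1"),
    "standby": ("192.0.2.11", "255.255.255.0", "192.0.2.1"),
}

if __name__ == "__main__":
    for unit, command in plan_units(SAMPLE_UNITS).items():
        print(f"{unit}: {command}")
```

A rejected plan means the unit would lose its path to the Firewall Management Center once the gateway no longer points at data-interfaces, so correct the addressing before running the command.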

7

In the Cloud-Delivered Firewall Management Center, disable the management connection for the Firewall Threat Defense in the Devices > Device Management > Device > Management section, and then reenable the connection.

8

Ensure the management connection is reestablished.

In the Firewall Management Center, check the management connection status on the Devices > Device Management > Device > Management > Status field or view notifications in the Firewall Management Center.

At the Firewall Threat Defense CLI, enter the sftunnel-status-brief command to view the management connection status.

If it takes more than 10 minutes to reestablish the connection, you should troubleshoot the connection. See Troubleshoot Management Connectivity on a Data Interface.