Change Both Firewall Management Center and Threat Defense IP Addresses
You might want to change both Firewall Management Center and Firewall Threat Defense IP addresses if you need to move them to a new network.
Procedure
1
Disable the management connection.
For a high-availability pair or cluster, perform these steps on all units.
Choose Devices > Device Management.
Next to the device, click Edit.
Click Device, and view the Management area.
Disable management temporarily by clicking the slider so it is disabled.
Figure 1: Disable Management
You are prompted to proceed with disabling management; click Yes.
2
Change the device IP address in the Firewall Management Center to the new device IP address.
You will change the IP address on the device later.
For a high-availability pair or cluster, perform these steps on all units.
Edit the Remote Host Address IP address and optional Secondary Address (when using a redundant data interface) or hostname by clicking Edit.
Figure 2: Edit Management Address
In the Management dialog box, modify the name or IP address in the Remote Host Address field and the optional Secondary Address field, and click Save.
Figure 3: Management IP Address
3
Change the Firewall Management Center IP address.
Be careful when making changes to the Firewall Management Center interface to which you are connected; if you cannot re-connect because of a configuration error, you need to access the Firewall Management Center console port to re-configure the network settings in the Linux shell. You must contact Cisco TAC to guide you in this operation.
Choose .
In the Interfaces area, click Edit next to the interface that you want to configure.
Change the IP address, and click Save.
4
Change the manager IP address on the device.
For a high-availability pair or cluster, perform these steps on all units.
At the Firewall Threat Defense CLI, view the Firewall Management Center identifier.
show managers
> show managers
Type : Manager
Host : 10.10.1.4
Display name : 10.10.1.4
Identifier : f7ffad78-bf16-11ec-a737-baa2f76ef602
Registration : Completed
Management type : Configuration
Edit the Firewall Management Center IP address or hostname.
If the Firewall Management Center was originally identified by DONTRESOLVE and a NAT ID, you can change the value to a hostname or IP address using this command. You cannot change an IP address or hostname to DONTRESOLVE.
Choose Devices > Device Management > Interfaces, and set the IP address to match the new address.
Return to the Manager Access - Configuration Details dialog box, and click Acknowledge to remove the deployment block.
8
Ensure the management connection is reestablished.
In the Firewall Management Center, check the management connection status on the Devices > Device Management > Device > Management > Manager Access - Configuration Details > Connection Status page.
At the Firewall Threat Defense CLI, enter the sftunnel-status-brief command to view the management connection status.
The following status shows a successful connection for a data interface, showing the internal "tap_nlp" interface.
Figure 5: Connection Status
9
(For a high-availability Firewall Management Center pair) Repeat configuration changes on the secondary Firewall Management Center.
Change the secondary Firewall Management Center IP address.
Specify the new peer addresses on both units.
Make the secondary unit the active unit.
Disable the device management connection.
Change the device IP address in the Firewall Management Center.
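The following is an added example, not part of the Cisco documentation: a Python check that parses captured show managers output (the format shown in step 4) from each unit and reports whether the unit points at the new manager address with registration completed. The address 192.0.2.10 and the "Pending" sample are constructed assumptions; the function names are hypothetical.

```python
import ipaddress

# Output copied from step 4 of this page (manager still at the old address).
PAGE_OUTPUT = """> show managers
Type : Manager
Host : 10.10.1.4
Display name : 10.10.1.4
Identifier : f7ffad78-bf16-11ec-a737-baa2f76ef602
Registration : Completed
Management type : Configuration
"""

# Constructed sample: 192.0.2.10 is a hypothetical new manager address.
PENDING_OUTPUT = PAGE_OUTPUT.replace("10.10.1.4", "192.0.2.10").replace("Completed", "Pending")

def parse_show_managers(text):
    """Return one dict per manager entry; each entry starts at a Type line."""
    managers, current = [], None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")  # first colon only, so IPv6 hosts survive
        if not sep:
            continue  # blank line or echoed prompt
        key, value = key.strip().lower(), value.strip()
        if key == "type":
            current = {}
            managers.append(current)
        if current is not None:
            current[key] = value
    return managers

def _same_host(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return a.lower() == b.lower()  # at least one side is a hostname

def check_manager(text, expected_host):
    """Return a list of problems; an empty list means the unit is on the new manager."""
    managers = parse_show_managers(text)
    if not managers:
        return ["no manager entries found"]
    match = [m for m in managers if _same_host(m.get("host", ""), expected_host)]
    if not match:
        hosts = ", ".join(m.get("host", "?") for m in managers)
        return [f"manager host is {hosts}, expected {expected_host}"]
    return [f"registration is {m.get('registration', 'missing')!r}"
            for m in match if m.get("registration", "").lower() != "completed"]

if __name__ == "__main__":
    for name, out in (("page output", PAGE_OUTPUT), ("constructed", PENDING_OUTPUT)):
        print(name, check_manager(out, "192.0.2.10") or "OK")
```

For a high-availability pair or cluster, run the check against the output captured from every unit, since the procedure requires the change on all of them.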