Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 6 Managing Devices
Configuring Remote Management
To enable communications between two appliances, you must provide a way for the appliances to
recognize each other. There are three criteria the FireSIGHT System uses when allowing
communications:
• the hostname or IP address of the appliance with which you are trying to establish communication
  In NAT environments, even if the other appliance does not have a routable address, you must provide
  a hostname or an IP address either when you are configuring remote management, or when you are
  adding the managed appliance.
• a self-generated alphanumeric registration key up to 37 characters in length that identifies the
  connection
• an optional unique alphanumeric NAT ID that can help the FireSIGHT System establish
  communications in a NAT environment
  The NAT ID must be unique among all NAT IDs used to register managed appliances. For more
  information, see .
When you register a managed device to a Defense Center, the access control policy you select applies to
the device. In addition, the network discovery policy on the Defense Center automatically applies to the
device. However, if you do not enable licenses for the device required by features used in the access
control policy you select, the access control policy apply fails, causing the network discovery policy
apply to fail as well. If, for example, you select an access control policy with an intrusion policy as the
default action, and do not enable the Protection license, both the access control policy and the network
discovery policy apply fail.
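The checks described above can be run against a registration plan before touching the web interface. The following Python sketch is an added example, not part of the Cisco guide or any Cisco tool: it generates a registration key from a cryptographic random source and flags keys that break the 37-character alphanumeric limit, reused NAT IDs, missing hostnames, and a missing Protection license. The dictionary field names, the sample plan, and the ASCII-only reading of "alphanumeric" are assumptions made for illustration.

```python
import secrets
import string

KEY_MAX_LEN = 37  # from the guide: alphanumeric key, up to 37 characters
ALPHABET = string.ascii_letters + string.digits  # assumption: ASCII only

def new_registration_key(length=KEY_MAX_LEN):
    """Generate a registration key from the OS CSPRNG."""
    if not 1 <= length <= KEY_MAX_LEN:
        raise ValueError("length must be between 1 and 37")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def is_alnum(value):
    return bool(value) and all(c in ALPHABET for c in value)

def preflight(plan):
    """Check a registration plan; returns a list of (device, problem)."""
    problems, nat_owner = [], {}
    for d in plan:  # field names below are hypothetical, not Cisco's
        name, nat_id = d["name"], d.get("nat_id")
        key = d.get("reg_key", "")
        if not is_alnum(key) or len(key) > KEY_MAX_LEN:
            problems.append((name, "registration key not alphanumeric, 1-37 chars"))
        if not d.get("manager_host") and not d.get("device_host"):
            problems.append((name, "no hostname or IP given on either appliance"))
        if nat_id is not None:
            if not is_alnum(nat_id):
                problems.append((name, "NAT ID not alphanumeric"))
            elif nat_id in nat_owner:
                problems.append((name, "NAT ID already used by " + nat_owner[nat_id]))
            else:
                nat_owner[nat_id] = name
        elif not d.get("manager_host"):
            problems.append((name, "manager host omitted but no NAT ID set"))
        if d.get("intrusion_default_action") and "Protection" not in d.get("licenses", ()):
            problems.append((name, "Protection license missing: policy apply will fail"))
    return problems

# Constructed sample plan (documentation addresses, made-up names).
PLAN = [
    {"name": "edge-1", "manager_host": "dc.example.com", "device_host": "192.0.2.10",
     "reg_key": new_registration_key(), "licenses": ["Protection"],
     "intrusion_default_action": True},
    {"name": "branch-1", "device_host": "branch1.example.com", "nat_id": "nat01",
     "reg_key": new_registration_key(), "licenses": [], "intrusion_default_action": True},
    {"name": "branch-2", "nat_id": "nat01", "reg_key": "too short!"},
]

if __name__ == "__main__":
    for device, problem in preflight(PLAN):
        print(device + ": " + problem)
```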
To configure remote management of the local appliance:
Access: Admin
Step 1
On the web interface for the appliance you want to manage, select System > Local > Registration.
The Remote Management page appears.
Caution
Cisco strongly recommends that you not change the value for the management port. If you change it,
you must also change it for all appliances in your deployment that need to communicate with each other.
For more information, see .
Step 2
Click Add Manager.
The Add Remote Management page appears.
Step 3
In the Management Host field, type the IP address or the hostname of the appliance that you want to use
to manage this appliance.
The hostname is the fully qualified domain name or the name that resolves through the local DNS to a
valid IP address.
In a NAT environment, you do not need to specify an IP address or hostname here if you plan to specify
it when you add the managed appliance. In this case, the FireSIGHT System uses the NAT ID you will
provide later to identify the remote manager on the managed appliance’s web interface.
Caution
Use a hostname rather than an IP address if your network uses DHCP to assign IP addresses.
Step 4
In the Registration Key field, type the registration key that you want to use to set up communications
between appliances.