Configure a Template for Threat Defense Devices Managed Using the Data Interface

Before you configure a template for a threat defense device that is managed using a data interface for management center connectivity, ensure that the connectivity parameters of the device match the template. Matching parameters ensure that the threat defense device does not lose connectivity with the management center after the template is applied. A template that you configure for threat defense devices managed using the data interface cannot be applied to devices that are not managed using the data interface.

The following is a list of connectivity parameters:

  • Data interface used to manage the threat defense device. For example, Ethernet1/1.

  • Name of the interface. For example, outside.

  • IP address configured on the data interface. For example, DHCP or static IP.

  • Route configured for the data interface. This can be a default or specific route defined on the data interface used for connectivity between the threat defense device and the management center.

  • DDNS hostname configuration on the data interface.

If the connectivity parameters in the template do not match those on the device, the template validation checks fail and the template is not applied to the device. The validation checks do not enforce an exact match for some parameters, such as IP address or DDNS hostname. However, ensure that you configure such parameters so that connectivity between the threat defense device and the management center is maintained after deployment.

The following template validation checks verify the configuration that is required to manage the threat defense device using the data interface:

  • You cannot apply a template in which manager access to the device is configured with the management interface to a device in which manager access to the device is configured with the data interface.

  • You cannot apply a template in which manager access to the device is configured with the data interface to a device in which manager access to the device is configured with the management interface.

  • You cannot apply a template in which manager access to the device is configured with the single WAN data interface to a device in which manager access to the device is configured with the dual WAN data interface.

  • If any of the connectivity parameters do not match, you cannot apply a template in which manager access to the device is configured with the data interface to a device in which manager access to the device is configured with the data interface.
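
The checks listed above, written as a pre-flight comparison that can be run over your own inventory records before a template is applied. This is an added example, not Cisco code or a management center API; the field names, the sample records, and the choice to treat interface, name and route as blocking while IP address and DDNS hostname only warn are assumptions drawn from the text above.

```python
# Added example: field names and sample records are hypothetical, not a
# management center schema or API.
BLOCKING = ("interface", "name", "route")  # assumed to require an exact match
ADVISORY = ("ip", "ddns_hostname")         # page: exact match is not enforced


def preflight(template, device):
    """Return (errors, warnings) for applying `template` to `device`."""
    errors, warnings = [], []
    t_mode, d_mode = template["manager_access"], device["manager_access"]
    if t_mode != d_mode:
        # Management-interface template on a data-interface device, or the reverse.
        errors.append(f"manager access: template={t_mode}, device={d_mode}")
        return errors, warnings
    if t_mode != "data":
        return errors, warnings  # remaining checks only concern data-interface management
    if template.get("wan") == "single" and device.get("wan") == "dual":
        errors.append("single WAN template cannot be applied to a dual WAN device")
    for key in BLOCKING:
        if template.get(key) != device.get(key):
            errors.append(f"{key}: template={template.get(key)!r}, device={device.get(key)!r}")
    for key in ADVISORY:
        if template.get(key) != device.get(key):
            warnings.append(f"{key} differs; confirm connectivity survives deployment")
    return errors, warnings


# Constructed sample records.
TEMPLATE = {"manager_access": "data", "wan": "single", "interface": "Ethernet1/1",
            "name": "outside", "route": "default", "ip": "dhcp",
            "ddns_hostname": "ftd-branch"}
DEVICE_OK = dict(TEMPLATE, ip="static")
DEVICE_MGMT = dict(TEMPLATE, manager_access="management")
DEVICE_RENAMED = dict(TEMPLATE, name="wan1", wan="dual")

if __name__ == "__main__":
    for label, dev in (("ok", DEVICE_OK), ("mgmt", DEVICE_MGMT), ("renamed", DEVICE_RENAMED)):
        print(label, preflight(TEMPLATE, dev))
```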

Perform the procedure given below to configure the template to manage threat defense devices using the data interface.

Procedure


Step 1

Choose Devices > Template Management.

Step 2

Click the Edit icon of the template that you want to configure to manage threat defense devices using the data interface.

Step 3

Click the Template Settings tab.

Step 4

In the General tile, toggle the Manage device by Data Interface button.

Step 5

You will see a popup asking you to pick a data interface for manager access. Click OK.

Step 6

Click the Interfaces tab.

Step 7

Click the Edit icon of the data interface that you want to use for manager access. The first data interface, Ethernet1/1 (outside interface), is the data interface that is most commonly used for manager access.

Step 8

In the Edit Physical Interface window, click the Manager Access tab.

Step 9

Check the Enable management access checkbox.

Step 10

Click OK. You will see that the interface that you selected for manager access has been marked with Manager Access.

Step 11

Click the DHCP tab.

Step 12

Click the DDNS Update Methods tab.

Step 13

Click +Add to add a DDNS update method.

Step 14

In the Add DDNS Update Method window, enter a Method Name and choose FMC only.

Step 15

Set the Update Interval as per your requirement.

Step 16

Click OK. You will see the method that you created in the DDNS Update Methods table.

Step 17

Click the DDNS Interface Settings tab.

Step 18

Click +Add to add dynamic DNS configuration.

Step 19

In the Add Dynamic DNS configuration window, choose values for the following fields:

  • Interface – Choose the interface enabled for manager access.

  • Method Name – Choose the method that you created.

  • Host Name – Choose a variable for the hostname.

Do not edit the rest of the fields in this window.

Step 20

Click OK. The DDNS Interface Settings table is populated with the entry that you created.

Step 21

To configure the model mapping to ensure that the data interface set for manager access in the template matches the data interface selected for manager access on the device, click the Template Settings tab and click Model Mapping.

Step 22

Click Add Model Mapping.

Step 23

Choose the Device Model from the drop-down list.

Step 24

Map the data interface that is set for manager access in the template to the appropriate data interface on the device by choosing the interface from the Model Interface drop-down list.

Step 25

Click Save. The interface mappings are listed along with the device model and mapping status on the Model Mapping window. You can now apply the template on a device that is managed using the data interface.