Change the Firewall Management Center IP Address

If you change the Firewall Management Center IP address or hostname, you should also change the value at the device CLI so the configurations match. Although in most cases, the management connection will be reestablished without changing the Firewall Management Center IP address or hostname on the device, in at least one case, you must perform this task for the connection to be reestablished: when you added the device to the Firewall Management Center and you specified the NAT ID only. Even in other cases, we recommend keeping the Firewall Management Center IP address or hostname up to date for extra network resiliency.

Procedure

Step 1

Change the Firewall Management Center IP address.

Caution

Be careful when making changes to the Firewall Management Center interface to which you are connected; if you cannot re-connect because of a configuration error, you need to access the Firewall Management Center console port to re-configure the network settings in the Linux shell. You must contact Cisco TAC to guide you in this operation.

  1. Choose .

  2. In the Interfaces area, click Edit next to the interface that you want to configure.

  3. Change the IP address, and click Save.

Step 2

At the Firewall Threat Defense CLI, view the Firewall Management Center identifier.

show managers

Example:


> show managers
Type                      : Manager
Host                      : 10.10.1.4
Display name              : 10.10.1.4
Identifier                : f7ffad78-bf16-11ec-a737-baa2f76ef602
Registration              : Completed
Management type           : Configuration

Step 3

At the Firewall Threat Defense CLI, edit the Firewall Management Center IP address or hostname.

configure manager edit identifier {hostname {ip_address | hostname} | displayname display_name}

If the Firewall Management Center was originally identified by DONTRESOLVE and a NAT ID, you can change the value to a hostname or IP address using this command. You cannot change an IP address or hostname to DONTRESOLVE .

The management connection will go down, and then reestablish. You can monitor the state of the connection using the sftunnel-status command.

Example:


> configure manager edit f7ffad78-bf16-11ec-a737-baa2f76ef602 hostname 10.10.5.1