Learn the steps to configure Cisco Secure Firewall Threat Defense (FTD) for Network Address Translation (NAT) using more than two interfaces per context when transitioning from transparent to routed mode.
Question
A network engineer must configure an existing firewall to have a NAT configuration. The new configuration must support more than two interfaces per context. The firewall has previously been operating in transparent mode. The Cisco Secure Firewall Threat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?
A. Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.
B. Run the configure manager add routed command from the Secure FMC CLI, and reregister with Secure FMC.
C. Run the configure manager add routed command from the Secure FTD device CLI, and reregister with Secure FMC.
D. Run the configure firewall routed command from the Secure FMC CLI, and reregister with Secure FMC.
Answer
A. Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.
Explanation
To configure a Cisco Secure Firewall Threat Defense (FTD) device that was previously operating in transparent mode to support NAT with more than two interfaces per context, the network engineer should follow these steps:
- Run the command “configure firewall routed” from the CLI of the Cisco Secure Firewall Threat Defense (FTD) device. This command will change the firewall mode from transparent to routed, enabling the device to perform NAT and support multiple interfaces per context.
- After running the “configure firewall routed” command on the FTD device, re-register the device with Cisco Secure Firewall Management Center (FMC). This step is necessary to ensure that FMC can manage and monitor the FTD device in its new routed configuration.
It’s important to note that the “configure firewall routed” command must be run directly on the Cisco Secure Firewall Threat Defense device CLI, not from the Cisco Secure Firewall Management Center CLI. Additionally, the “configure manager add” command is not relevant in this scenario, as it is used for adding a new device to FMC, rather than changing the mode of an existing device.
In summary, to meet the requirements of configuring NAT with support for more than two interfaces per context on a Cisco Secure Firewall Threat Defense device that was previously operating in transparent mode, the network engineer must run the “configure firewall routed” command from the FTD device CLI and then re-register the device with Cisco Secure Firewall Management Center.
Therefore, the correct answer is option A: Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.
Cisco 300-710 certification exam practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective-type questions, with detailed explanations and references, available free to help pass the Cisco 300-710 exam and earn the Cisco 300-710 certification.