By default, the Cisco Secure Firepower Management Center 1700 uses a copper-based eth0 interface for management. If you want to use a fiber optic NIC, which could be eth3, you have to configure this in expert mode.
Change the Management Interface using Console CLI
Enter expert mode
Enter expert mode and use vi to change eth0 to eth3
>
> expert
Deconfigure IP
If eth0 is already configured, the corresponding configuration file should be reset, as it could interfere with the new configuration.
$ sudo vi /etc/sysconfig/network-devices/ifcfg-eth0
# automatically generated on Wed Apr 30 12:43:26 UTC 2025
ONBOOT=yes
BOOTPROTO_V6=disable
BOOTPROTO=disable
MTU=1500
Change Interface
The interface used for management is configured in the file /etc/sf/ims.conf. We can use sed to change eth0 to eth3.
$ sudo sed -i 's/^MANAGEMENT=eth0/MANAGEMENT=eth3/' /etc/sf/ims.conf
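The sed command above exits successfully even when nothing matched, for example if the value is quoted or has trailing whitespace. A guarded variant follows as an added example, not part of the original post; the function name switch_mgmt_iface, the backup file naming and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example: guarded version of the sed edit with backup and verification.
# Usage: switch_mgmt_iface <conf-file> <old-if> <new-if>
# Returns 0 on success, 1 if the expected line is missing or ambiguous,
# 2 if the post-edit check fails (the backup is restored in that case).
switch_mgmt_iface() {
    conf=$1 old=$2 new=$3
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Only an exact, unquoted MANAGEMENT=<old> line is accepted. Count the
    # matches first so a silent no-op is reported instead of ignored.
    matches=$(grep -c "^MANAGEMENT=${old}\$" "$conf" || true)
    if [ "$matches" -ne 1 ]; then
        echo "expected exactly one MANAGEMENT=$old line, found $matches" >&2
        return 1
    fi

    # Keep a copy (mode and timestamps preserved) for rollback.
    backup="${conf}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1

    # End-anchored, unlike the one-liner, so eth0 cannot match e.g. eth01.
    sed -i "s/^MANAGEMENT=${old}\$/MANAGEMENT=${new}/" "$conf"

    # Verify the result; roll back if the file is not in the expected state.
    if grep -q "^MANAGEMENT=${new}\$" "$conf" &&
       ! grep -q "^MANAGEMENT=${old}\$" "$conf"; then
        echo "MANAGEMENT set to $new (backup: $backup)"
        return 0
    fi
    cp -p "$backup" "$conf"
    echo "verification failed, restored $backup" >&2
    return 2
}

# Constructed demo on a scratch file (not the real /etc/sf/ims.conf contents).
demo=$(mktemp)
printf 'OTHER_KEY=value\nMANAGEMENT=eth0\n' > "$demo"
switch_mgmt_iface "$demo" eth0 eth3
rm -f "$demo" "$demo".bak.*
```

On the appliance the call would be run as root against /etc/sf/ims.conf with eth0 and eth3 as arguments.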
IP configuration
Shut down the old interface eth0 and configure the new interface.
$ sudo ip link set eth0 down
$ sudo /usr/local/sf/bin/configure-network
Verification
Use the ip and route commands for verification. The interface eth3 should be UP and have the correct IP address. The route command should show the correct default gateway.
$ ip --brief address show eth3
eth3 UP xx.xxx.xxx.114/24
$
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 xx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth3
xx.xxx.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
172.18.0.0 0.0.0.0 255.255.255.224 U 0 0 0 docker0
After a few seconds, a ping should receive replies. Nevertheless, the FMC should be rebooted.
$ sudo reboot