Cisco Firepower Threat Defense for the ASA 5506-X Series Using Firepower Device Manager Quick Start Guide
Note:
The physical management interface is shared between the Management logical interface and the
Diagnostic logical interface; see the "Interfaces" chapter of the
Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
The Firepower Threat Defense system requires Internet access for licensing and updates. The system can
obtain system database updates through the gateway for the outside interface. You do not need to have an
explicit route from the management port or network to the Internet. The default is to use internal routes
through the data interfaces.
About the Default Configuration (Version 6.1)
The default configuration assumes that you will connect the management and inside interfaces to the same
network using a switch. The inside interface is configured as a DHCP server, so you can attach your management
workstation to the same switch and get an address through DHCP on the same network. Then you can open the
Firepower Device Manager web interface.
For complete information about the default configuration, see the
Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
The following figure shows the recommended network deployment for Firepower Threat Defense on the ASA
5506-X series of appliances, including the ASA 5506W-X with the built-in wireless access point.
Figure 4: Suggested Network Deployment - Version 6.1
[Figure label: Management Computer, DHCP from inside: 192.168.45.x]
Note:
You must use a separate inside switch in your deployment.
The example configuration enables the above network deployment with the following behavior.
inside --> outside traffic flow
outside IP address from DHCP
(ASA 5506W-X) wifi <--> inside, wifi --> outside traffic flow
DHCP for clients on inside and wifi. The access point itself and all its clients use the ASA as the DHCP server.
Management 1/1 is used to set up and manage the device using the Firepower Device Manager, a simplified
single-device manager included on the box.
The Management interface requires Internet access for updates. When you put Management on the same
network as an inside interface, you can deploy the Firepower Threat Defense device with only a switch on the
inside and point to the inside interface as its gateway.
The physical management interface is shared between the Management logical interface and the Diagnostic
logical interface; see the "Interfaces" chapter of the
Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
[Figure labels: Firepower Threat Defense; Layer 2 Switch; inside: GigabitEthernet 1/2, 192.168.45.1; Management: Management 1/1, IP Address: 192.168.45.45; outside: GigabitEthernet 1/1, Gateway, Internet; wifi: GigabitEthernet 1/9 (internal), 192.168.10.1; AP: Access Point IP address: 192.168.10.2]
4. Deploy the Firepower Threat Defense in Your Network