Cisco Firepower Threat Defense for the ASA 5506-X Series Using Firepower Device Manager Quick Start Guide
4. Deploy the Firepower Threat Defense in Your Network
3
4. Deploy the Firepower Threat Defense in Your Network
Note: The default configuration to use Firepower Device Manager to configure a Firepower Threat Defense device, 
which includes the inside address and management address, changed in Version 6.2. See Figure 3 on page 3 for 
the default topology for Version 6.2, and Figure 4 on page 4 for the default topology for Version 6.1.
About the Default Configuration (Version 6.2)
Except for the first data interface, and the Wi-Fi interface on an ASA 5506W-X, all other data interfaces on these 
device models are structured into the “inside” bridge group and enabled. There is a DHCP server on the inside 
bridge group. You can plug endpoints or switches into any bridged interface and endpoints get addresses on the 
192.168.1.0/24 network.
For complete information about the default configuration and the options you have to configure bridged interfaces, 
see the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager. 
The following figure shows the recommended network deployment for Firepower Threat Defense on the ASA 
5506-X series of appliances, including the ASA 5506W-X with the built-in wireless access point.
Figure 3 Suggested Network Deployment - Version 6.2
The example configuration enables the above network deployment with the following behavior.
 inside --> outside traffic flow 
 outside IP address from DHCP
 (ASA 5506W-X) wifi <--> inside, wifi --> outside traffic flow
 DHCP for clients on inside and wifi. There is a DHCP server on the inside bridge group. You can plug 
endpoints or switches directly into one of the bridged interfaces and get addresses on the 192.168.1.0/24 
network. There is a DHCP server on the wifi interface for the access point itself and all its clients.
HTTPS access is enabled on the inside bridge group, so you can open Firepower Device Manager through any 
inside bridge group member interface at the default address, 192.168.1.1. 
 Alternatively, you can connect to Management 1/1 to set up and manage the device using the Firepower 
Device Manager. There is a DHCP server on the management interface. You can plug your management 
computer directly into this interface and get an address on the 192.168.45.0/24 network. 
HTTPS access is enabled on the management interface, so you can open Firepower Device Manager through 
the management interface at the default address, 192.168.45.45. 
The default gateway for the management IP address is to use the data interfaces to route to the Internet. Thus, 
you do not need to wire the Management physical interface to a network. 
Management Computer
DHCP from inside:192.168.1.x
Firepower 
Threat Defense
inside bridge group      
Management 1/1
IP Address:
 192.168.45.45
outside
GigabitEthernet 1/2-1/8
192.168.1.1
GigabitEthernet 1/1
wifi
GigabitEthernet 1/9 (internal)
192.168.10.1
Access Point IP address: 192.168.10.2
Management
AP
Internet