7-8
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 7 ASA FirePOWER Module
Perform Initial ASA FirePOWER Setup
ASA 5506-X through ASA 5555-X (Software Module)
These models run the ASA FirePOWER module as a software module, and the ASA FirePOWER
management interface shares the Management 0/0 or Management 1/1 interface (depending on your
model) with the ASA.
The following figure shows the recommended network deployment for the ASA 5500-X with the ASA
FirePOWER module:
For the ASA 5506-X, 5508-X, and 5516-X, the default configuration enables the above network
deployment; the only change you need to make is to set the module IP address to be on the same network
as the ASA inside interface and to configure the module gateway IP address.
For other models, you must remove the ASA-configured name and IP address for Management 0/0 or
1/1, and then configure the other interfaces as indicated above.
Note If you want to deploy a separate router on the inside network, then you can route between management
and inside. In this case, you can manage both the ASA and ASA FirePOWER module on the
Management interface with the appropriate configuration changes.
ASA Management 0/0
Module Management 1/0
Set IP to be on same network as M0/0
Management PC
Layer 2
Switch
ASA
management outside
Module
Internet
Module Gateway
to Internet
Management PC
Layer 2
Switch
ASA
inside
Management 1/1
No ASA IP address
ASA FirePOWER IP address: 192.168.1.2
outside
ASA FirePOWER Default Gateway
GigabitEthernet 1/2
192.168.1.1
GigabitEthernet 1/1
FP
Internet
To Next Page
Loading...
Need help?
General
