https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062648#M134302 <P>I have noticed the interface use for management should be assigned to the asa from pool of interfaces</P> <P></P> <P>the management /rj45 used for the FW4110 is not used by the logical devices correct ?</P> <P></P> <P>Another question I have is , is there a difference between slot1 or slot 2?</P> <P>The FW has 3 x 8 ports SFP+.</P> <P>First 8 are built in , second and third are on a module named SSP.</P> <P>I guess they will have the same use as the first built in module</P> <P></P> <P></P> <P>also to confirm, does FMC virtual support running two firewalls in HA?</P> Mon, 10 Jul 2017 13:12:09 GMT cisco8887 2017-07-10T13:12:09Z https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062645#M134299 <P>All,&nbsp;</P> <P></P> <P>When you create a logical device in FXOS , as part of it one adds a management IP like below</P> <P></P> <P>where is this used?</P> <P>I can't get my head around it as it is not pingable and what is is mapped to?</P> <P>Same applies to the password command</P> <P></P> <P></P> <P>Firepower /ssa/logical-device/mgmt-bootstrap* #<SPAN>&nbsp;</SPAN><SPAN class="synph"><SPAN class="kwd">create</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">ipv4</SPAN><SPAN>&nbsp;</SPAN><SPAN class="var">slot_id</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">firepower</SPAN></SPAN></P> <P><SPAN class="synph"><SPAN class="kwd"></SPAN></SPAN></P> <P><SPAN class="synph"><SPAN class="kwd"><SPAN>Specify the password to use for the logical device:</SPAN><SPAN></SPAN></SPAN></SPAN></P> <SECTION class="p">Firepower /ssa/logical-device/mgmt-bootstrap* #<SPAN>&nbsp;</SPAN><SPAN class="synph"><SPAN class="kwd">create</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">bootstrap-key-secret</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">PASSWORD</SPAN></SPAN> <P>Firepower /ssa/logical-device/mgmt-bootstrap/bootstrap-key-secret* #<SPAN>&nbsp;</SPAN><SPAN class="synph"><SPAN class="kwd">set</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">value</SPAN></SPAN></P> <P>Value:<SPAN>&nbsp;</SPAN><SPAN class="synph"><SPAN class="var">password</SPAN></SPAN></P> <P><SPAN class="synph"></SPAN></P> <P><SPAN class="synph"></SPAN></P> <P><SPAN class="synph">is the parameters in the &nbsp;end of the sentence "<SPAN class="kwd">create</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">bootstrap-key-secret</SPAN><SPAN>&nbsp;</SPAN><SPAN class="kwd">PASSWORD" has to be the same as what cisco documents says ?</SPAN></SPAN></P> <P><SPAN class="synph"><SPAN class="kwd"></SPAN></SPAN></P> <P><SPAN class="synph"><SPAN class="kwd">For instance you can type PASSWORD or&nbsp;<SPAN>FQDN or DNS_Servers</SPAN></SPAN></SPAN></P> <P><SPAN class="synph"><SPAN class="kwd"><SPAN></SPAN></SPAN></SPAN></P> <P><SPAN class="synph"><SPAN class="kwd"><SPAN>many thanks</SPAN></SPAN></SPAN></P> </SECTION> <P><SPAN class="synph"></SPAN></P> <P><SPAN class="synph"></SPAN></P> <P><SPAN class="synph"></SPAN></P> Tue, 12 Mar 2019 09:40:00 GMT https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062645#M134299 cisco8887 2019-03-12T09:40:00Z https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062646#M134300 <P>The management IP is the address of the management interface of the logical device (ASA or FTD). It won't be up until the logical device is fully initialized and, in the case of an ASA logical device, the interface is configured to be "no shut". You need to be sure to allocate a physical&nbsp;interface from the chassis to the management interface.</P> <P>The bootstrap-key-secret PASSWORD is a mechanism designed to better secure the boot process. I'm not positive but I don't believe it's mandatory to use one.</P> Fri, 07 Jul 2017 02:07:00 GMT https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062646#M134300 Marvin Rhoads 2017-07-07T02:07:00Z https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062647#M134301 <P>This is the same interface that would be talking to FMC.</P> <P></P> <P></P> Fri, 07 Jul 2017 05:41:54 GMT https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062647#M134301 prashant dwivedi 2017-07-07T05:41:54Z https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062648#M134302 <P>I have noticed the interface use for management should be assigned to the asa from pool of interfaces</P> <P></P> <P>the management /rj45 used for the FW4110 is not used by the logical devices correct ?</P> <P></P> <P>Another question I have is , is there a difference between slot1 or slot 2?</P> <P>The FW has 3 x 8 ports SFP+.</P> <P>First 8 are built in , second and third are on a module named SSP.</P> <P>I guess they will have the same use as the first built in module</P> <P></P> <P></P> <P>also to confirm, does FMC virtual support running two firewalls in HA?</P> Mon, 10 Jul 2017 13:12:09 GMT https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062648#M134302 cisco8887 2017-07-10T13:12:09Z https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062649#M134303 <P>Correct - the management ports built into the chassis (SFP Ethernet and console) are not for managing the logical device.</P> <P>You can session to a logical device once you log into the chassis but they aren't generally intended for that purpose.</P> <P>Whether you use the built in SFP+ interfaces or those on an expansion module is up to you. Given the cost of the expansion modules most people don't go onto those until they run out of ports in the base unit.</P> <P>I answered in the other thread but yes - FMC can support multiple firewalls in HA, clustered or otherwise. You are restricted only by what is licensed for.</P> Mon, 10 Jul 2017 15:49:19 GMT https://community.cisco.com/t5/network-security/fxos-management-ip/m-p/3062649#M134303 Marvin Rhoads 2017-07-10T15:49:19Z