Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Firewalls Community


FXOS Management IP


When you create a logical device in FXOS , as part of it one adds a management IP like below

where is this used?

I can't get my head around it as it is not pingable and what is is mapped to?

Same applies to the password command

Firepower /ssa/logical-device/mgmt-bootstrap* # create ipv4 slot_id firepower

Specify the password to use for the logical device:

Firepower /ssa/logical-device/mgmt-bootstrap* # create bootstrap-key-secret PASSWORD

Firepower /ssa/logical-device/mgmt-bootstrap/bootstrap-key-secret* # set value

Value: password

is the parameters in the  end of the sentence "create bootstrap-key-secret PASSWORD" has to be the same as what cisco documents says ?

For instance you can type PASSWORD or FQDN or DNS_Servers

many thanks

Hall of Fame Master

The management IP is the

The management IP is the address of the management interface of the logical device (ASA or FTD). It won't be up until the logical device is fully initialized and, in the case of an ASA logical device, the interface is configured to be "no shut". You need to be sure to allocate a physical interface from the chassis to the management interface.

The bootstrap-key-secret PASSWORD is a mechanism designed to better secure the boot process. I'm not positive but I don't believe it's mandatory to use one.


I have noticed the interface

I have noticed the interface use for management should be assigned to the asa from pool of interfaces

the management /rj45 used for the FW4110 is not used by the logical devices correct ?

Another question I have is , is there a difference between slot1 or slot 2?

The FW has 3 x 8 ports SFP+.

First 8 are built in , second and third are on a module named SSP.

I guess they will have the same use as the first built in module

also to confirm, does FMC virtual support running two firewalls in HA?

Hall of Fame Master

Correct - the management

Correct - the management ports built into the chassis (SFP Ethernet and console) are not for managing the logical device.

You can session to a logical device once you log into the chassis but they aren't generally intended for that purpose.

Whether you use the built in SFP+ interfaces or those on an expansion module is up to you. Given the cost of the expansion modules most people don't go onto those until they run out of ports in the base unit.

I answered in the other thread but yes - FMC can support multiple firewalls in HA, clustered or otherwise. You are restricted only by what is licensed for.


This is the same interface

This is the same interface that would be talking to FMC.