When you create a logical device in FXOS , as part of it one adds a management IP like below
where is this used?
I can't get my head around it as it is not pingable and what is is mapped to?
Same applies to the password command
Firepower /ssa/logical-device/mgmt-bootstrap* # create ipv4 slot_id firepower
Specify the password to use for the logical device:
Firepower /ssa/logical-device/mgmt-bootstrap/bootstrap-key-secret* # set value
is the parameters in the end of the sentence "create bootstrap-key-secret PASSWORD" has to be the same as what cisco documents says ?
For instance you can type PASSWORD or FQDN or DNS_Servers
The management IP is the address of the management interface of the logical device (ASA or FTD). It won't be up until the logical device is fully initialized and, in the case of an ASA logical device, the interface is configured to be "no shut". You need to be sure to allocate a physical interface from the chassis to the management interface.
The bootstrap-key-secret PASSWORD is a mechanism designed to better secure the boot process. I'm not positive but I don't believe it's mandatory to use one.
I have noticed the interface use for management should be assigned to the asa from pool of interfaces
the management /rj45 used for the FW4110 is not used by the logical devices correct ?
Another question I have is , is there a difference between slot1 or slot 2?
The FW has 3 x 8 ports SFP+.
First 8 are built in , second and third are on a module named SSP.
I guess they will have the same use as the first built in module
also to confirm, does FMC virtual support running two firewalls in HA?
Correct - the management ports built into the chassis (SFP Ethernet and console) are not for managing the logical device.
You can session to a logical device once you log into the chassis but they aren't generally intended for that purpose.
Whether you use the built in SFP+ interfaces or those on an expansion module is up to you. Given the cost of the expansion modules most people don't go onto those until they run out of ports in the base unit.
I answered in the other thread but yes - FMC can support multiple firewalls in HA, clustered or otherwise. You are restricted only by what is licensed for.