Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
753
Views
0
Helpful
4
Replies

FirePower Hardware Module Cabling CONNECTIONS

Go to solution
Atasawar1
Level 1
Level 1

‎05-29-2017 05:01 PM - edited ‎03-12-2019 02:26 AM

My question is that how should we do the cabling on FirePower hardware module for data traffic coming in and going out from FirePower module.
In a software module, we create security zones as per the ASA interface as an inside interface on ASA will be an inside security zone and an outside interface of ASA will be outside security zone on FirePower module. But what about hardware module as it has its own interfaces?

How should we connect cables for in FirePower hardware module for incoming and outgoing data traffic? (Not management) 

Thanking you all in advance for your kind assistance. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Atasawar1

‎05-30-2017 03:50 AM

On the 5585-X with FirePOWER SSP, the interfaces are a bit misleading as they are not specifc to the FirePOWER module (except the console port). Instead, they are expansion data interfaces for the overall ASA.

All ASAs with FirePOWER modules communicate to the module via the ASA backplane (called the fabric switch in a 5585-X). So you do not "assign" any physical (or logical) interfaces to the module. Instead you direct traffic to it as an action in your service policy.

I found a decent picture of the architecture in a Cisco Live presentation. See slide 34 in the following:

BRKSEC-2028 - Deploying Next Generation Firewall with ASA and Firepower Services (2015 San Diego)

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83691&tclass=popup

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-29-2017 06:23 PM

What hardware and software platform are you asking about?

There are several in the FirePOWER family and the answer varies according to which you are asking about.

0 Helpful

Go to solution
Atasawar1
Level 1
Level 1
In response to Marvin Rhoads

‎05-30-2017 03:30 AM

Hi Marvin,

It is ASA5585-SSP-40 hardware module. 

Software: 6.0.0

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Atasawar1

‎05-30-2017 03:50 AM

On the 5585-X with FirePOWER SSP, the interfaces are a bit misleading as they are not specifc to the FirePOWER module (except the console port). Instead, they are expansion data interfaces for the overall ASA.

All ASAs with FirePOWER modules communicate to the module via the ASA backplane (called the fabric switch in a 5585-X). So you do not "assign" any physical (or logical) interfaces to the module. Instead you direct traffic to it as an action in your service policy.

I found a decent picture of the architecture in a Cisco Live presentation. See slide 34 in the following:

BRKSEC-2028 - Deploying Next Generation Firewall with ASA and Firepower Services (2015 San Diego)

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83691&tclass=popup

0 Helpful

Go to solution
Atasawar1
Level 1
Level 1
In response to Marvin Rhoads

‎05-31-2017 10:40 AM

Thank you, Marvin Rhoads for your kind response and clearing my doubts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card