07-06-2017 02:34 PM - edited 03-12-2019 02:40 AM
All,
When you create a logical device in FXOS, as part of it one adds a management IP like below.
Where is this used?
I can't get my head around it as it is not pingable, and what is it mapped to?
The same applies to the password command.
Firepower /ssa/logical-device/mgmt-bootstrap* # create ipv4 slot_id firepower
Specify the password to use for the logical device:
Firepower /ssa/logical-device/mgmt-bootstrap/bootstrap-key-secret* # set value
Value: password
Do the parameters at the end of the sentence "create bootstrap-key-secret PASSWORD" have to be the same as what the Cisco documents say?
For instance, you can type PASSWORD or FQDN or DNS_Servers.
Many thanks
07-06-2017 07:07 PM
The management IP is the address of the management interface of the logical device (ASA or FTD). It won't be up until the logical device is fully initialized and, in the case of an ASA logical device, the interface is configured to be "no shut". You need to be sure to allocate a physical interface from the chassis to the management interface.
The bootstrap-key-secret PASSWORD is a mechanism designed to better secure the boot process. I'm not positive but I don't believe it's mandatory to use one.
07-10-2017 06:12 AM
I have noticed the interface used for management should be assigned to the ASA from the pool of interfaces.
The management/RJ45 used for the FW4110 is not used by the logical devices, correct?
Another question I have is, is there a difference between slot1 or slot 2?
The FW has 3 x 8 ports SFP+.
The first 8 are built in, the second and third are on a module named SSP.
I guess they will have the same use as the first built-in module.
Also, to confirm, does FMC virtual support running two firewalls in HA?
07-10-2017 08:49 AM
Correct - the management ports built into the chassis (SFP Ethernet and console) are not for managing the logical device.
You can session to a logical device once you log into the chassis but they aren't generally intended for that purpose.
Whether you use the built in SFP+ interfaces or those on an expansion module is up to you. Given the cost of the expansion modules most people don't go onto those until they run out of ports in the base unit.
I answered in the other thread but yes - FMC can support multiple firewalls in HA, clustered or otherwise. You are restricted only by what is licensed for.
07-06-2017 10:41 PM
This is the same interface that would be talking to FMC.