Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
998
Views
0
Helpful
4
Replies

FXOS Management IP

cisco8887
Level 2
Level 2

‎07-06-2017 02:34 PM - edited ‎03-12-2019 02:40 AM

All, 

When you create a logical device in FXOS , as part of it one adds a management IP like below

where is this used?

I can't get my head around it as it is not pingable and what is is mapped to?

Same applies to the password command

Firepower /ssa/logical-device/mgmt-bootstrap* # create ipv4 slot_id firepower

Specify the password to use for the logical device:

Firepower /ssa/logical-device/mgmt-bootstrap* # create bootstrap-key-secret PASSWORD

Firepower /ssa/logical-device/mgmt-bootstrap/bootstrap-key-secret* # set value

Value: password

is the parameters in the  end of the sentence "create bootstrap-key-secret PASSWORD" has to be the same as what cisco documents says ?

For instance you can type PASSWORD or FQDN or DNS_Servers

many thanks

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-06-2017 07:07 PM

The management IP is the address of the management interface of the logical device (ASA or FTD). It won't be up until the logical device is fully initialized and, in the case of an ASA logical device, the interface is configured to be "no shut". You need to be sure to allocate a physical interface from the chassis to the management interface.

The bootstrap-key-secret PASSWORD is a mechanism designed to better secure the boot process. I'm not positive but I don't believe it's mandatory to use one.

0 Helpful

cisco8887
Level 2
Level 2
In response to Marvin Rhoads

‎07-10-2017 06:12 AM

I have noticed the interface use for management should be assigned to the asa from pool of interfaces

the management /rj45 used for the FW4110 is not used by the logical devices correct ?

Another question I have is , is there a difference between slot1 or slot 2?

The FW has 3 x 8 ports SFP+.

First 8 are built in , second and third are on a module named SSP.

I guess they will have the same use as the first built in module

also to confirm, does FMC virtual support running two firewalls in HA?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to cisco8887

‎07-10-2017 08:49 AM

Correct - the management ports built into the chassis (SFP Ethernet and console) are not for managing the logical device.

You can session to a logical device once you log into the chassis but they aren't generally intended for that purpose.

Whether you use the built in SFP+ interfaces or those on an expansion module is up to you. Given the cost of the expansion modules most people don't go onto those until they run out of ports in the base unit.

I answered in the other thread but yes - FMC can support multiple firewalls in HA, clustered or otherwise. You are restricted only by what is licensed for.

0 Helpful

prashant dwivedi
Level 1
Level 1

‎07-06-2017 10:41 PM

This is the same interface that would be talking to FMC.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card