I'm in the process of upgrading the firepower software on a Cisco 5525-X. I have updated the boot firmware to 6.2.2. Once I get into the module using the module sfr command i then enter setup to configure the ip address for the firepower module.
My question is, what physical interface on the firewall is this ip address binded to? does the firepower ip address have to be in the same subnet as the inside interface ip? Once i can get the firepower talking to filezilla server, i can then upgrade the rest.
the FP module logical eth0 interface is binded to the ASA chassis management0/0 interface.
both the FP module interface and ASA management interface can be on the same subnet (for IP design ease) BUT the management functions are separate. meaning, you SSH/ASDM to ASA management0/0 IP while you use the FP module IP for FMC device registration.
here's a useful link for the ASA FP module upgrade process.
Oh - sorry about that John. You are right. Time to get my glasses checked. :)
On the ASA 5525-X the Firepower module indeed uses interface Management 0/0. That applies to the 5512-X, 5515-X, 5525-X, 5545-X and 5555-X.
On the 5506-X, 5508-X and 5516-X they number the sole management interface "Management 1/1".
The 5585-X has two management interfaces - Management 0/0 on the base ASA and Management 1/0 on the SSP. The latter is used for the Firepower SSP.