Cisco ASA 5506H-X with FirePOWER Services Installation Guide

Cisco Firepower Threat Defense for the ASA 5506-X Series Using Firepower Management Center Quick Start Guide
4. Deploy the Firepower Threat Defense in Your Network
Note: You must use a separate inside switch in your deployment.
The example configuration enables the above network deployment with the following behavior:
- inside --> outside traffic flow
- outside IP address from DHCP
- (ASA 5506W-X) wifi <--> inside, wifi --> outside traffic flow
- DHCP for clients on inside and wifi. The access point itself and all its clients use the ASA as the DHCP server.
- Management 1/1 is used to set up and register the Firepower Threat Defense device to the Firepower Management Center.
  The Management interface requires Internet access for updates. When you put Management on the same network as an inside interface, you can deploy the Firepower Threat Defense device with only a switch on the inside and point to the inside interface as its gateway.
  The physical management interface is shared between the Management logical interface and the Diagnostic logical interface; see the Interfaces for Firepower Threat Defense chapter of the Firepower Management Center Configuration Guide.
- Firepower Management Center access on the inside interface and the wifi interface
Note: If you want to deploy a separate router on the inside network, then you can route between management and inside; see the Interfaces for Firepower Threat Defense chapter of the Firepower Management Center Configuration Guide for examples of alternate deployment configurations.
To cable the above scenario on the ASA 5506-X series, see the following illustration. 
Note: The following illustration shows a simple topology using a Layer 2 switch. Other topologies can be used and your deployment will vary depending on your basic logical network connectivity, ports, addressing, and configuration requirements.
[Illustration: ASA 5506-X cabling through a Layer 2 switch. Labels: inside, GigabitEthernet 1/2, 192.168.45.1; outside, GigabitEthernet 1/1, to the Internet; Management 1/1, IP address 192.168.45.45; wifi, GigabitEthernet 1/9 (internal), 192.168.10.1; access point (AP) IP address 192.168.10.2; Firepower Management Center, 192.168.45.44.]
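A pre-deployment check of the addressing in the illustration, confirming that Management and the Firepower Management Center sit on the inside network and that Management uses the inside interface as its gateway. This is an added example, not part of the Cisco guide; the /24 prefix lengths and the names PLAN and check_plan are assumptions, since the page gives no netmasks.

```python
import ipaddress

# Addresses read from the cabling illustration. The /24 prefix lengths are
# an assumption: the page does not state netmasks.
PLAN = {
    "inside_if": "192.168.45.1/24",
    "wifi_if": "192.168.10.1/24",
    "management": "192.168.45.45",
    "management_gateway": "192.168.45.1",
    "fmc": "192.168.45.44",
    "access_point": "192.168.10.2",
}

def check_plan(plan):
    """Return a list of problems in the addressing plan (empty if none)."""
    problems = []
    inside = ipaddress.ip_interface(plan["inside_if"])
    wifi = ipaddress.ip_interface(plan["wifi_if"])
    mgmt = ipaddress.ip_address(plan["management"])
    gateway = ipaddress.ip_address(plan["management_gateway"])
    fmc = ipaddress.ip_address(plan["fmc"])
    ap = ipaddress.ip_address(plan["access_point"])

    # Switch-only deployment: Management shares the inside network and
    # points to the inside interface as its gateway.
    if mgmt not in inside.network:
        problems.append("management is not on the inside network")
    if gateway != inside.ip:
        problems.append("management gateway is not the inside interface")
    # In the illustrated topology the FMC is attached to the inside switch.
    if fmc not in inside.network:
        problems.append("FMC is not on the inside network")
    if ap not in wifi.network:
        problems.append("access point is not on the wifi network")
    if inside.network.overlaps(wifi.network):
        problems.append("inside and wifi networks overlap")
    # Every device in the plan needs its own address.
    hosts = [inside.ip, wifi.ip, mgmt, fmc, ap]
    if len(set(hosts)) != len(hosts):
        problems.append("duplicate address in plan")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```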