Cisco Cisco ASA 5506H-X with FirePOWER Services Guia Da Instalação

Cisco Firepower Threat Defense for the ASA 5508-X and ASA 5516-X Using Firepower Device Manager Quick Start Guide

4. Deploy the Firepower Threat Defense in Your Network

4. Deploy the Firepower Threat Defense in Your Network

The following figure shows the recommended network deployment for Firepower Threat Defense on the ASA 
5508-X or ASA 5516-X.

You must use a separate inside switch in your deployment.

The example configuration enables the above network deployment with the following behavior.



inside --> outside traffic flow



outside IP address from DHCP



DHCP for clients on inside.



Management 1/1 is used to set up and manage the device using the Firepower Device Manager, a simplified 
single-device manager included on the box. 

The Management interface requires Internet access for updates. When you put Management on the same 
network as an inside interface, you can deploy the Firepower Threat Defense device with only a switch on the 
inside and point to the inside interface as its gateway.

The physical management interface is shared between the Management logical interface and the Diagnostic 
logical interface; see the Interfaces chapter of the Firepower Threat Defense Configuration Guide for 
Firepower Device Manager. 

To cable the above scenario on the ASA 5508-X or ASA 5516-X, see the following illustration. 

The following illustration shows a simple topology using a Layer 2 switch. Other topologies can be used and 

your deployment will vary depending on your basic logical network connectivity, ports, addressing, and 
configuration requirements.

Management Computer

DHCP from inside:192.168.45.x

Layer 2

Switch

Firepower 

Threat Defense

Management 1/1

IP Address:

 192.168.45.45

Gateway

GigabitEthernet 1/2

192.168.45.1

GigabitEthernet 1/1

Management

Internet