Friday, July 31, 2015

FirePOWER management interface

While installing Cisco FirePOWER on 5545-X, I was following the "Install and Configure a FirePOWER Services Module on an ASA Platform" guide.

One of the steps was to configure an IP address on the FirePOWER management interface. However, nowhere in the document was it mentioned how that interface would connect to the outside world.

So I tried to google it, and it looks like no one was asking that question: How would an internal module connect to the outside world? Not a single blog post about it. It just worked for everyone, no questions asked!

After digging around I found this document: "Cisco ASA FirePOWER Module Quick Start Guide"

And there I found my answers:
  1. For 5585-X, FirePOWER is installed on a dedicated slot with its own mgmt0 interface.
  2. For 5545-X, the FirePOWER module (SRF) uses the 5545-X's management0/0 interface, which means that we cannot use that interface for management and it must be dedicated to FirePOWER!
  3. For the rest, it will use the "inside" interface.

I would have expected a command to allow me to set up a bridge between the SRF management interface and some ifname on the ASA. But no, it is hard-wired! Why?