Deploying the Appliance
Firepower 8000 Series Getting Started Guide
Cabling the Device
You can cable your device to configure passive or inline interfaces, depending on your deployment needs.
Use passive cabling if you want to:
- monitor traffic
- collect information about hosts, operating systems, applications, users, files, networks, and vulnerabilities
Use inline cabling if you want to use the same features as a passive deployment, plus:
- configure a virtual switch, virtual router, or hybrid interface
- perform network address translation (NAT)
- use policies to block traffic based on access control features such as application control, user control, security intelligence, URL dispositions, file control, malware detection, or intrusion prevention
Your device is typically deployed inside a firewall, where it is connected to your trusted management network and the various network segments you want to monitor.
In a simple deployment scenario, you connect the management interface on your device to your trusted management network using an Ethernet cable, then connect the sensing interfaces to the network segments you want to monitor using the appropriate cables (copper or fiber) in either a passive or inline cabling configuration.
The trusted management network (a restricted network protected from unauthorized access) may have a single secure connection to the Internet for security updates and similar functions, but is separate from the rest of your network and is not accessible to hosts used in daily business operations.
You can connect sensing interfaces to different network segments dedicated to particular components of your business that have distinct security requirements to target policies based on the needs for specific segments. These segments can include the DMZ (outward-facing servers, such as mail, FTP, and web hosts), your internal network (hosts used in daily operation and similar applications), and the core (hosts reserved for critical business assets), and can also include segments dedicated to remote locations, mobile access, or other functions.
How you cable your sensing interfaces determines your configuration options. If you use passive cabling, you can configure passive sensing interfaces. If you use inline cabling, you can create passive, inline, inline with fail-open, virtual switch, virtual router, or hybrid sensing interfaces on your device. For more information on deployment options and interface configurations and how they affect product features, see the Firepower Management Center Configuration Guide and the Firepower 8000 Series Hardware Installation Guide.