C H A P T E R
2-1
Firepower 7000 and 8000 Series Installation Guide
2
Deploying on a Management Network
The Firepower System can be deployed to accommodate the needs of each unique network architecture.
The Management Center provides a centralized management console and database repository for the
Firepower System. Devices are installed on network segments to collect traffic connections for analysis.
Management Centers use a management interface to connect to a
trusted management network
(that is,
a secure internal network not exposed external traffic). Devices connect to a Management Center using
a management interface.
Devices then connect to an external network using sensing interfaces to monitor traffic. For more
information on how to use sensing interfaces in your deployment, see
Note
See the ASA documentation for more information on deployment scenarios for ASA FirePOWER
devices.
Management Deployment Considerations
Your management deployment decisions are based on a variety of factors. Answering these questions
can help you understand your deployment options to configure the most efficient and effective system:
•
Will you use the default single management interface to connect your device to your Management
Center? Will you enable additional management interfaces to improve performance, or to isolate
traffic received on the Management Center from different networks? See
Management Interfaces, page 2-2
for more information.
•
Do you want to enable traffic channels to create two connections between the Management Center
and the managed device to improve performance? Do you want to use multiple management
interfaces to further increase throughput capacity between the Management Center and the managed
device? See
Deploying with Traffic Channels, page 2-3
for more information.
•
Do you want to use one Management Center to manage and isolate traffic from devices on different
networks? See
Deploying with Network Routes, page 2-4
for more information.
•
Are you deploying your management interfaces in a protected environment? Is appliance access
restricted to specific workstation IP addresses?
Security Considerations, page 2-5
describes
considerations for deploying your management interfaces securely.
•
Are you deploying 8000 Series devices? See
Special Case: Connecting 8000 Series Devices,
for more information.