2-2
Firepower 7000 and 8000 Series Installation Guide
Chapter 2 Deploying on a Management Network
Understanding Management Interfaces
Understanding Management Interfaces
Management interfaces provide the means of communication between the Management Center and all
devices it manages. Maintaining good traffic control between the appliances is essential to the success
of your deployment.
On Management Centers and Firepower devices, you can enable the management interface on the
Management Center, device, or both, to sort traffic between the appliances into two separate traffic
channels. The
management traffic channel
carries all internal traffic (that is, inter-device traffic specific
to the management of the appliance and the system), and the
event traffic channel
carries all event traffic
(that is, high volume event traffic, such as intrusion and malware events). Splitting traffic into two
channels creates two connection points between the appliances which increases throughput, thus
improving performance. You can also enable
multiple management interfaces
to provide still greater
throughput between appliances, or to manage and isolate traffic between devices on different networks.
After you register the device to the Management Center, you can change the default configuration to
enable traffic channels and multiple management interfaces using the web interface on each appliance.
For configuration information, see Configuring Appliance Settings in the
Firepower Management
Center Configuration Guide
.
Management interfaces are often located on the back of the appliance. See
for more information.
Single Management Interface
When you register your device to a Management Center, you establish a single communication channel
that carries all traffic between the management interface on the Management Center and the management
interface on the device.
The following graphic shows the default single communication channel. One interface carries one
communication channel that contains both management and event traffic.
Multiple Management Interfaces
You can enable and configure multiple management interfaces, each with a specific IPv4 or IPv6 address
and, optionally, a hostname, to provide greater traffic throughput by sending each traffic channel to a
different management interface. Configure a smaller interface to carry the lighter management traffic
load, and a larger interface to carry the heavier event traffic load. You can register devices to separate
management interfaces and configure both traffic channels for the same interface, or use a dedicated
management interface to carry the event traffic channels for all devices managed by the Management
Center.