Security Considerations; Special Case: Connecting 8000 Series Devices - Cisco 7010 Installation Manual

Chapter 2 Deploying on a Management Network
The following graphic shows two devices isolating network traffic by using separate management
interfaces for all traffic. You can add more management interfaces to configure separate management
and event traffic channel interfaces for each device.

Security Considerations

To deploy your management interfaces in a secure environment, Cisco recommends that you consider
the following:
•
•

Special Case: Connecting 8000 Series Devices

When you register an 8000 Series device to your Management Center, you must either auto-negotiate on
both sides of the connection, or set both sides to the same static speed to ensure a stable network link.
8000 Series devices do not support half duplex network links; they also do not support differences in
speed or duplex configurations at opposite ends of a connection.
Always connect the management interface to a trusted internal management network that is
protected from unauthorized access.
Identify the specific workstation IP addresses that can be allowed to access appliances. Restrict
access to the appliance to only those specific hosts using Access Lists within the appliance's system
policy. For more information, see the Firepower Management Center Configuration Guide.
8000 Series
Supported Devices:
Firepower 7000 and 8000 Series Installation Guide
Security Considerations
2-5