Review The Network Deployment And Default Configuration - Cisco FPR1010-ASA-K9 Getting Started Manual

Threat Defense Deployment with the Device Manager

Review the Network Deployment and Default Configuration

You can manage the threat defense using the device manager from either the Management 1/1 interface or
the inside interface. The dedicated Management interface is a special interface with its own network settings.
The following figure shows the recommended network deployment. If you connect the outside interface
directly to a cable modem or DSL modem, we recommend that you put the modem into bridge mode so the
threat defense performs all routing and NAT for your inside networks. If you need to configure PPPoE for
the outside interface to connect to your ISP, you can do so after you complete initial setup in device manager.
Note
CLI (Optional) Check the Software and Install a New Version, on page 96
CLI (Optional) Change Management Network Settings at the CLI, on page
Device Manager Log Into the Device Manager, on page
Device Manager Complete the Initial Configuration, on page
Cisco Commerce (Optional)
Workspace
Smart Software Configure Licensing, on page
Manager
Device Manager Configure Licensing, on page
Server.
Device Manager Configure the Firewall in the Device Manager, on page
If you cannot use the default management IP address (for example, your management network does not
include a DHCP server), then you can connect to the console port and perform initial setup at the CLI,
including setting the Management IP address, gateway, and other basic networking settings.
If you need to change the inside IP address, you can do so after you complete initial setup in the device
manager. For example, you may need to change the inside IP address in the following circumstances:
• (7.0 and later) The inside IP address is 192.168.95.1. (6.7 and earlier) The inside IP address is
192.168.1.1. If the outside interface tries to obtain an IP address on the 192.168.1.0 network, which
is a common default network, the DHCP lease will fail, and the outside interface will not obtain
an IP address. This problem occurs because the threat defense cannot have two interfaces on the
same network. In this case you must change the inside IP address to be on a new network.
• If you add the threat defense to an existing inside network, you will need to change the inside IP
address to be on the existing network.
Review the Network Deployment and Default Configuration
Configure Licensing, on page
102: Generate a license token.
102: Register the device with the Smart Licensing
Cisco Firepower 1010 Getting Started Guide
99.
100.
102: Obtain feature licenses.
107.
97.
91