Using the Firewall Threat Defense data interface for management
Using the Firewall Threat Defense data interface for management is a configuration option that
- allows communication with the Firewall Management Center through a regular data interface instead of the dedicated Management interface
- enables remote management from the outside interface when a separate management network is not available, and
Manager access requirements
Manager access from a data interface has the requirements listed in this table.
- You can only enable manager access on one physical data interface. You cannot use a subinterface or EtherChannel, nor can you create a subinterface on the manager access interface.
- This interface cannot be management-only.
- Routed firewall mode only, using a routed interface.
- PPPoE is not supported. If your ISP requires PPPoE, you will have to put a router with PPPoE support between the Firewall Threat Defense and the WAN modem.
- The interface must be in the global VRF only.
- SSH is not enabled by default for data interfaces, so you will have to enable SSH later using the Firewall Management Center. Because the Management interface gateway will be changed to the data interfaces, you also cannot SSH to the Management interface from a remote network unless you add a static route for the Management interface using the configure network static-routes command.
- Clustering is not supported. You must use the Management interface in this case.