Using the Firewall Threat Defense Data Interface for Management

You can use either the dedicated Management interface or a regular data interface for communication with the . Manager access on a data interface is useful if you want to manage the Firewall Threat Defense remotely from the outside interface, or you do not have a separate management network.

Manager Access Requirements

Manager access from a data interface has the following requirements.

  • You can enable manager access on only one physical data interface. You cannot use a subinterface or EtherChannel, nor can you create a subinterface on the manager access interface.

  • This interface cannot be management-only.

  • Routed firewall mode only, using a routed interface.

  • PPPoE is not supported. If your ISP requires PPPoE, you will have to put a router with PPPoE support between the Firewall Threat Defense and the WAN modem.

  • The interface must be in the global VRF only.

  • SSH is not enabled by default for data interfaces, so you will have to enable SSH later using the . Because the Management interface gateway will be changed to the data interfaces, you also cannot SSH to the Management interface from a remote network unless you add a static route for the Management interface using the configure network static-routes command.

  • Clustering is not supported. You must use the Management interface in this case.