About Data Interfaces

You can use either the dedicated management interface or a regular data interface for communication with the device. Security Cloud Control Firewall Management access on a data interface is useful if you want to manage the FTD remotely from the outside interface, or if you do not have a separate management network. Security Cloud Control Firewall Management supports high availability on an FTD that is managed remotely from the data interface.

FTD management access from a data interface has the following limitations:

  • You can enable manager access on only one physical data interface. You cannot use a subinterface or EtherChannel.

  • Routed firewall mode only, using a routed interface.

  • PPPoE is not supported. If your ISP requires PPPoE, you will have to put a router with PPPoE support between the FTD and the WAN modem.

  • The interface must be in the global VRF only.

  • SSH is not enabled by default for data interfaces, so you will have to enable SSH later using Security Cloud Control Firewall Management. Because the management interface gateway will be changed to the data interfaces, you also cannot SSH to the management interface from a remote network unless you add a static route for the management interface using the configure network static-routes command.