CISCO FTD - Interview Questions
What are the Management and Diagnostic interfaces in Cisco FTD?
The physical management interface is shared between the Diagnostic logical interface and the Management logical interface.
 
Management Interface: The Management logical interface is separate from the other interfaces on the device. It is used to set up and register the device to the Firepower Management Center. It runs a separate SSH server and uses its own local authentication, IP address, and static routing. You can configure its settings at the CLI using the configure network command. If you change the IP address at the CLI after you add the device to the Firepower Management Center, you can update the IP address in the Firepower Management Center to match in the Devices > Device Management > Devices > Management area.
 
Diagnostic Interface: The Diagnostic logical interface can be configured along with the rest of the data interfaces on the Devices > Device Management > Interfaces screen. Using the Diagnostic interface is optional (see the routed and transparent mode deployments for scenarios). The Diagnostic interface and data interfaces allow for LDAP or RADIUS external authentication. If you do not want to allow SSH access on a data interface, for example, then you may choose to configure the Diagnostic interface for SSH access. The Diagnostic interface only allows management traffic and does not allow through traffic. The Diagnostic interface is useful for SNMP or syslog monitoring.