Cisco ASA 5525 with Firepower Service Configure with ASDM

htunnminzaw1 · ‎09-21-2016

Hi Experts.

I would like to know about of Firepower . Can I configure ASA 5525 Firepower Service with ASDM . I can not see Firepower

configuration Tab at the ASDM . Please help me and Thanks. ( Some people say me to configure with Firepower Management Center )

Jon Are Endrerud · ‎09-21-2016

You can use ASDM but i would recommend using the FireSIGHT management center. You can download a virtual appliance and run it in VMware.

https://software.cisco.com/download/release.html?mdfid=286259687&catid=268438162&softwareid=286271056&release=Rules%20Updates&relind=AVAILABLE&rellifecycle=&reltype=latest

Also check in CLI that the module is running and all is good. Paste the command

"show module sfr details"

Paste the result of the command here in the forum.

Good luck!

Please rate as helpful, if that would be the case. Thanx

htunnminzaw1 · ‎09-21-2016

Hi Jon ,

I only would like to configure with ASDM because I do not have FireSIGHT management center . I have heard If I use FireSIGHT Management center , I need to buy license . I don't want to buy License . So Please help me how to configure with ASDM . The problem I saw is Firepower configuration tab that is not appear in ASDM . I can configure Firepower with CLI .Do I need to configure with CLI for using with ASDM ? .

I am using ASA software version 9.5.2 , ASDM version 7.6.1 , FireOS 6.0.0.1 .

Jon Are Endrerud · ‎09-22-2016

I think the Firesight management is free for 2 units.

Do you see the Firepower Status Tab in ASDM ?

If not try to go down to ASDM 7.5.x.

Please rate as helpful, if that would be the case. Thanx

roy.phillips1 · ‎11-04-2016

Hi Guys

Sorry to say but Firesight Managment Centre is not free you do need a licence to manage it

All the best

Roy

Marvin Rhoads · ‎09-22-2016

Have you done the basic setup of the FirePOWER module (give it IP address, gateway etc.) and do you have the management port of the ASA connected to the network?

show module sfr detail

...will confirm.

The FirePOWER module uses that interface and it must have network connectivity to the workstation you are running ASA on via that path.

With that in place (and assuming you haven't registered the module to a FirePOWER Management Center), it should be manageable via ASDM.

The prerequisite software versions are ASA 9.5(1.5)/ASDM 7.5(1.112) and FirePOWER 6.0 or later so you should be OK with that.

htunnminzaw1 · ‎09-22-2016

Hi Marvin,

I upload my ASA firewall screenshot file , please kindly check the attached file.let me know what is wrong in my firewall .

Marvin Rhoads · ‎09-23-2016

The problem appears to be as I highlighted previously: "assuming you haven't registered the module to a FirePOWER Management Center".

If you check the screen shot for FirePOWER module detail, you will notice it says "DC addr: 192.168.0.200". This means that the module has been configured to register with a Defense Center (old name for FirePOWER Management Center).

You cannot manage a FirePOWER module from ASDM if it is configured already to be managed from DC / FMC.

If you look all the way at the bottom of the "ASA FirePOWER Status" tab of ASDM home page it should indicate that you can manage it via the Management Center and show a link to the configured one (assuming the configured registration has completed).