Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1614
Views
10
Helpful
3
Replies

FPR4120 running ASA code

Go to solution
dukenuk96
Level 3
Level 3

‎12-20-2018 04:11 AM - edited ‎02-21-2020 08:35 AM

We are going to order FPR4120 and selected in CCW:

FIREPOWER HARDWARE
FPR4120-ASA-K9

Cisco Firepower 4120 ASA Appliance, 1U, 2 x NetMod Bays

 

Some articles and forums say that FPR box running ASA code have no difference compared to ASA5000 series regarding to management, CLI, features (virtual device contexts, clustering, dynamic routing, etc). firepower asa code

However on cisco.com site I found this document https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/fp4100/asa-firepower4100-qsg.html#pgfId-142917 stating some weird steps to get ASA code working on this box.

Please clarify where it the truth?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to dukenuk96

‎12-20-2018 06:12 AM

In most cases, there is just 1 logical device per chassis, so you are not sharing resources among multiple logical devices. You cannot run the ASA software directly on the chassis if that is what you were asking. 

 

Once the Firepower chassis and ASA is setup, it is managed like a traditional ASA - all the features and configurations are exactly the same. I have only used to chassis management post-deployment if I need to upgrade the FXOS. This is usually to maintain compatibility between the chassis and logical device. 

View solution in original post

3 Replies 3

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎12-20-2018 06:00 AM

Setting up a Firepower 4100 or 9300 has 2 major sections to it. One is the FXOS setup. This is sort of like a hypervisor running on the chassis. It has a separate management interface and other settings specific to the chassis. The ASA is installed as a logical device on top of the FXOS. Once the ASA is installed as a logical device (including specifying which chassis interfaces are going to be used for the ASA), the rest of the configuration is just like the ASA code running on the 55xx series. You can ssh or use ASDM as you used to do before. The reason you have to do this is because the Firepower devices have the capability to run ASA or FTD as logical devices on top of it. It just depends on what you install as a logical device. 

Go to solution
dukenuk96
Level 3
Level 3
In response to Rahul Govindan

‎12-20-2018 06:07 AM

So, only virtualized behavior, native ASA code running is impossible, right?
0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to dukenuk96

‎12-20-2018 06:12 AM

In most cases, there is just 1 logical device per chassis, so you are not sharing resources among multiple logical devices. You cannot run the ASA software directly on the chassis if that is what you were asking. 

 

Once the Firepower chassis and ASA is setup, it is managed like a traditional ASA - all the features and configurations are exactly the same. I have only used to chassis management post-deployment if I need to upgrade the FXOS. This is usually to maintain compatibility between the chassis and logical device. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card