Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
782
Views
19
Helpful
7
Replies

No firepower-option availble on my ASDM

Imran Ahmad
Level 2
Level 2

‎09-15-2016 10:22 AM - edited ‎03-12-2019 01:16 AM

Hello Experts,

I have recently purchased few ASA Firepower 5545.   I wanted to register my PAK, thus needed to access my ASA > ASDM> configuration> ASA Firepower Configuration option "  to findout the license-key.       but when I go to ASDM>Configuration> there no "ASA Firepower Configruation option is available ?

 

Deployment of these Source-Fire products are too much puzzelling.  don't know where to start from. really got confused.  can anyone help me please ? 

Can I do everything using ASDM  ?  Or installation of the Fire-Power Management-Center is must ?  

 

Thanks

Labels:
0 Helpful
7 Replies 7

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-15-2016 12:31 PM

You can only use ASDM for FirePOWER module management on the ASA 5545-X if the module is version 6.0 or later. New units are currently shipping with 5.4 (as of Summer 2016).

You can upgrade from the command line and get to the point where you can manage from ASDM but that's a bit laborious if this is your first experience with FirePOWER. We normally sell the appliances with at least the basic 2-device FirePOWER Management Center license and/or professional services to get the customer running everything successfully along with some hands on training and demonstration.

Have you performed initial setup of the FirePOWER module ( assign IP address, gateway etc.)?

Imran Ahmad
Level 2
Level 2
In response to Marvin Rhoads

‎09-16-2016 03:02 AM

Hi Marvin,

I don't know which version is my ASA Firepower module.   I have only received these PAKs from cisco (FS-VMW) and (IPS,URL,AMP),  which are not registered yet on the Cisco website.  no training no other documentation received from cisco. 

I am just trying to register the PAKs and receive the license files so that I can proceed. but don't know to findout the license-key

 

I just downloaded and installed the SFR module (asasfr-5500x-boot-6.1.0-330.img) on the ASA and setup the ASA SFR boot image,  also assigned IP and gateway.    I have not done anything else yet and don't know what to do next.

 

 

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Imran Ahmad

‎09-16-2016 08:02 AM

The FS-VMW is the FirePOWER Management Center. You need to download and install it as a VM.

It then manages all your devices, their policies and reporting etc., including their licensing.

You register devices to FMC.

You then license them from it using the license key of FMC (that key shows up once you have installed it and go to the licensing menu) plus the PAKs you have.

Imran Ahmad
Level 2
Level 2
In response to Marvin Rhoads

‎09-16-2016 08:17 AM

But currently I don't have ESXi Server available.   is there any other solution than having VM Server ?

 

Also i read about Firepower Threat-Defense.  can i use that instead of Firepower Mgmt Center ?  or that is built for other purposes

 

0 Helpful

William Eckler
Level 1
Level 1
In response to Imran Ahmad

‎09-16-2016 08:58 AM

I just recently went through this and had to load the vm on esxi the free version bare metal hypervisor from vmware 6.0 U2.  You then have to put a few config lines on the module by using sfr command from the asa.  You basically tell it what Firesight management center IP or name is and then give it a key to use which you then add to devices in Firesight once you get it licensed.  You use your paks and licenses from inside firesight VM.  Also I found out to get it work I had to run cable from the my mgmt vlan to the mgmt interface on my 5512-x to see any traffic inline.

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Imran Ahmad

‎09-16-2016 09:02 AM

You really should talk to the partner or reseller who sold you the FMC when you don't have an environment to run it on.

That said, you can run FMC on the free ESXi server, on KVM or in AWS. You can do on-box FirePOWER management using ASDM only if you have version 6.0 as I noted earlier. It's typically not recommended for larger firewalls or enterprises as there are some limitations that usually make it unsuited for such environments.

FTD is a whole different image with different capabilities and different licenses required than the ones you purchased.

NPicker
Level 1
Level 1
In response to Marvin Rhoads

‎02-01-2018 10:55 AM

Hello,

we have a 5545-x with 9.7.1, ASDM 7.7.1 and 6.2.0-36 FirePowerModule. Nothing works for the management. I have no point over the ASDM, and also I cannot connect to the FMC 6.2.2. I configure the ASA SFR with a IP mgmt on the ASA mgmt Interface with the same Subnet like the ASA mgmt IP Address. I configure the connection to the manager over "configure manager add ip key donotresolve" and it says me PENDING. Then I go to the FMC and try to add Device. I get the following message: ..cannot add device...check network connection, registry key or if it is blocked. Is nothing else to do before I can add the device to the FMC? Is there any configuration on the FMC to do before I can connect? I have a valid control lisence on the FMC installed. 

Thank you for your support.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card