4723 Views, 0 Helpful, 15 Replies

ASA 5585X SSP 10 with firepower module installation

kkolawole
Level 1

Hello,

I have 2 ASA 5585 SSP10 in active/standby configuration working. We have purchased 2 SFR modules ASA5585-SSP-SFR10 to be installed.

My question is whether the boot and system software images are already factory pre-installed on the cards. Or do we need to download the images from Cisco and reimage the cards during install?

Thank you.

15 Replies

Marvin Rhoads
Hall of Fame

The FirePOWER system image should be installed already.

However they are probably on the older version 5.3.x.

You will want to get them up to the latest 6.0.1.1 via your FirePOWER Management center once you have them bootstrapped and registered.

The cards will be configured in IDS mode (monitor-only) for some time, as the virtual management center is not ready yet. I am wondering if we could use ASDM to upgrade the modules to the latest version, though we are not registering them in ASDM.

Could you reference some documentation for bootstrapping and ASDM upgrade in this particular case?

Thanks

I have the quick start guide at this link:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118824-configure-firepower-00.html#anc6

Is this guide referencing the bootstrap process?

I'm confused because this guide does the image recovery all over (bootstrap and system images), as if the module has no image pre-installed. If the module does have a system image pre-installed, how is the bootstrap and registration done in that case?

Registration is done with the license key. Usually you receive a doc with the PAK.

Very important: make sure your Firepower Management Console is at the same version or higher than the sensor or module FP.

If your modules come with <6.0 FirePOWER version you will not be able to upgrade them via ASDM.

The ante for using ASDM to manage (including upgrade) a FirePOWER module on anything other than the Kenton models (5506/08/16) is ASDM 7.5.112 and FirePOWER 6.0.

http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html#ID-2172-00000128

You'd be much better off standing up a FirePOWER Management Center on a VM. If you ever plan to run the 5585 modules with anything near the load they are capable of, ASDM (with the module only event storage) is really not a sustainable solution.

If you go the route of upgrading from 5.3.x to 6.0 without FMC, you will need to go the cli route - a lot more work and it's roughly described here:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

As noted there, upgrade apart from either FirePOWER Management Center or ASDM management (the latter only available post-6.0) requires reimaging - I would not recommend it for the new user.

Thank you for this clarification.

1- By this statement, do you mean any version lower than 6.0 cannot be upgraded via ASDM?

If your modules come with <6.0 FirePOWER version you will not be able to upgrade them via ASDM.

2- Is it possible to use ASDM for upgrade in the meantime and later switch to full FMC VM?

3- The cli option you mentioned is for the software module. Is this link for the hardware module?

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118824-configure-firepower-00.html#anc6

If correct, does this mean a complete image recovery is necessary via cli?

Thank you.

1. Correct.

2. No - not on ASA 5585 with pre-6.0 FirePOWER software.

3. Sorry - yes that's the correct link for the hardware module.

Yes, as I noted earlier - without FMC you will need to completely re-image via cli.

Thanks a lot.

If I am on 5.3.1, can the reimage be done to the latest 6.2.3, or do I need to follow a specific path?

Hello

We have 12 ASA5585X with IPS-SSP-20. Can we install the Firepower image on them without changing hardware?

Thank you.

Yes, you can. Make sure the image is equal to or below the FMC release. And make sure you match the ASA version working with FP. I highly recommend using FP 6.1 or up if your FMC is 6.2... avoid all the headaches in between.

Hello

I've tried to install and change our ASA5585X with IPS-SSP-20 to Firepower image 6.2 according to the link below:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118824-configure-firepower-00.html

But after the final reboot, when the module reloads, the whole process resets to IPS-SSP-20 mode and the image installation process fails.

Is there something wrong with that?

Thank you.

mkhalegi1,

Note the guide you referenced instructs that "the other module must be uninstalled to make space for the SSP-SFR".

This is referring to uninstallation of the older hardware module, consistent with the advice I gave just a short while ago in this thread. 

edpadilla,

Sorry for the correction but the 5585-X IPS-SSP cards cannot be reimaged to run FirePOWER.

In cases such as this, there is a special SKU (ASA5585-xx-FP-UPG, using 10, 20, 40 or 60 in place of "xx") the customer can order to get a discounted price on the required new hardware module. The model ordered should be considered carefully - the customer's Cisco or partner SE can use the internal sizing tool to choose the right one given the customer's current and projected performance requirements.

They should also consider moving to a new FirePOWER 2100 (FTD image only) or 4100 (ASA or FTD image) series appliance as the end of sales for 5585-X FirePOWER variants has been announced recently. The EoS date will be August 2017. 

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-x-series-next-generation-firewalls/eos-eol-notice-c51-738643.html
