cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
359
Views
10
Helpful
2
Replies
Highlighted
Beginner

What are the high level steps involved while installing Firepower module on ASA 5545-X in Active/Standby state ?

We have two 5545-X ASAs in active/standby mode that currently run sfr module 5.4.0.8.

 

Our plan is to upgrade our FMC from 5.4.1.7 to 6.2.0.5 through proper upgrade process. However, for our ASAs, we are planning to re-image them straight to 6.2.0 and patch 6.2.0.5.

 

My main question here is, can I install firepower module on standby first and then install on active firewall without having to do a failover ?

2 REPLIES 2
Cisco Employee

Re: What are the high level steps involved while installing Firepower module on ASA 5545-X in Active/Standby state ?

Hi

 

Yes, you can. the modules installation is independent of ASA failover. You can install the module on both 1 by 1 and then configured the service policy later without having do failover or affecting traffic before the redirection is configured.

 

Hope it helps.

Yogesh

 

Hall of Fame Master

Re: What are the high level steps involved while installing Firepower module on ASA 5545-X in Active/Standby state ?

@yogdhanu

 

Note that service-module health is a failover criterion by default. It can be disabled since ASA 9.3(1) and higher.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200944-Disable-Service-Module-Monitoring-on-ASA.html

 

If you don't disable the monitoring, shutdown or reload of a Firepower module on the active unit will cause a failover event (or status of "not ready" in case it is reloaded on a standby unit).

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards