11-25-2016 04:55 PM - edited 03-12-2019 01:35 AM
Hi,
noob here. We have created a functioning ASA cluster on our 4110's, and now we need to install FXOS.
One of the engineers says we have to wipe the entire device in order to install FXOS, and honestly I don't know. I did find this compatibility guide, which indicates FXOS is compatible with ASA Version 9.6(2) (which is what we have installed).
http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
My question: Is this correct and do I authorize the extra hours to wipe and re-configure?
Thanks in advance,
11-26-2016 01:15 AM
Perhaps there's some confusion in terms here.
The 4100 series (and 9300) have FX-OS (FirePOWER eXtensible Operating System) as the operating system for the physical chassis. You cannot have a functioning chassis without FX-OS running on it. FX-OS has a CLI interface and a GUI. The GUI is FirePOWER Chassis Manager (FCM).
From FCM one deploys logical devices - ASA and FirePOWER Threat Defense (FTD) are the two types of logical devices. The 4100 series supports only a single logical device as it only has a single Security Module (SM). (The 9300 can accommodate up to three.) So on a 4100 series you deploy one or the other logical device type exclusively. You still retain the underlying FX-OS and continue to manage the chassis via FCM in either scenario. Even upgrading FX-OS versions does not require re-imaging the ASA logical device.
If you migrate from an ASA logical device to an FTD logical device, that requires deleting the ASA and re-deploying a new logical device using the FTD code image. The actual deployment is quick - under an hour even if it's your first one (assuming you have had the basic field engineer training or read the fine manual).
Configuration of FTD is akin to an ASA plus a FirePOWER sensor and can be a bit more involved, especially if one is trying to migrate an extensive ASA configuration into the equivalent policies on FTD.
(Edit - updated to reflect FCM nomenclature. There is a separate tool - FirePOWER Device Manager or FDM - used for on-box configuration of ASA appliances running the FTD image only.)
11-26-2016 01:15 AM
Good explanation, but you might wanna change Firepower Device Manager (FDM) to Firepower Chassis Manager (FCM).
11-26-2016 05:22 AM
Servus Oliver!
Good catch - I updated my post with the correction.
11-26-2016 06:04 AM
Thanks. Clarification helps a lot!
11-26-2016 06:06 AM
tl;dr = correct!
You're welcome.