Solved: ASA 5500X with FirePOWER Services Packet Tracer/Troubleshooting/Captur

servio.lara · ‎09-06-2021

Hello, I´m working on an ASA 5545X with FirePOWER Services for the first time.

I´m trying to catching up on the troubleshooting approach about what activities you do at the ASA, Firepower module, and the FMC levels.

For example, I was used to do the Packet tracer in the FMC for Firepower or ASDM for ASA.

I understand that for the ASA with FirePOWER Services, you have to use the ASA (CLI/ASDM) for packet tracer and capture.

My question is:

Is there any tool available at the module or FMC. Where can I see the packet process through the Firepower Services?

Best regards.

Milos_Jovanovic · ‎09-06-2021

Hi @servio.lara,

On ASA w/ Firepower you can use combined approach. As you already realised, you'll have to go to ASA to do initial debugging, to understand if your FW is permitting traffic on L3/L4 level, by using packet capture or packet-tracer.

Once you see that your packet was forwarded to Firepower module, you have to continue troubleshooting on Firepower module, which is more-less same as on FTD. From there, you could use 'system support trace' command, to see what is happening for specific traffic.

BR,

Milos

View solution in original post

Milos_Jovanovic · ‎09-06-2021

Hi @servio.lara,

On ASA w/ Firepower you can use combined approach. As you already realised, you'll have to go to ASA to do initial debugging, to understand if your FW is permitting traffic on L3/L4 level, by using packet capture or packet-tracer.

Once you see that your packet was forwarded to Firepower module, you have to continue troubleshooting on Firepower module, which is more-less same as on FTD. From there, you could use 'system support trace' command, to see what is happening for specific traffic.

BR,

Milos

servio.lara · ‎09-08-2021

Hi Milos,

Thanks for the reply.

Best regards.