
ASA 5506 FirePOWER Reporting: No Data Available

talleyt01
Level 1

I have an ASA 5506 that is fully licensed (i.e. Control, Protect, URL and Malware).

When using ASDM, there is a “FirePOWER Reporting” tab. But it has only displayed “No Data Available”.

How is FirePOWER to be configured in order for data to be available?


Great post. Very helpful, thank you.

I'm in the exact same situation.  I have licenses installed, logging on, rules set and tested, but no reporting of any kind on my 5506-X.  What was the solution?

People should also check that they have applied the FireSIGHT Management Center license.

One other thing is to make sure you have network discovery policy and have defined the network to be included in HOME_NET and EXTERNAL_NET.

One good guide to have a look at (in addition to the comprehensive user guide) is the publicly available Cisco Live presentation, BRKSEC-2018, from the recent San Diego session in June 2015. Please refer to slide 56 onward for a good overview of how policies are set up in a FirePOWER module.

As I mentioned earlier - you can always call the TAC if you're working with a licensed product.

The 5506 is not supposed to need the FireSIGHT Management Center. The “Center” license is more expensive than the 5506. All the FirePower information should be available via ASDM.

Also, is not a SmartNet contract a requirement for TAC support?

Correct - the 5506X (and 5508 and 5516) don't need the separate FMC. For people using it, that licensing proviso applies.

The other guidance is good for all use cases.

If you have an active subscription license for the IPS, URL Filtering and/or Malware features that should entitle you to TAC support for those features. They might balk at general firewall setup questions as that's out of scope if you only have the subscription licenses.

At this time, it appears that there is none.

I think I may have figured it out.  I had logging on for the rule that I created, but not for the default rule at the bottom.  

As Rejohn noted, logging is not enabled by default.

Have a look at that and let us know.

Panos Bouras
Level 1

Hi,

We are facing a similar problem with 2 ASA 5506 in different installations. Both of our 5506 are managed through the Sourcefire management center (VM) and in both cases we get no data available after approximately 06:00 - 06:40. If we reapply the rules or restart the sfr module, data starts showing.

Logs on both management centers don't reveal an error. The error starts to appear around the time of a security intelligence update, e.g. after 20-30 min (schedule for that is every 2 hours).

There are some minor differences in the IOS (9.4.1 vs 9.4.1 intermediate) and SFR (5.4.1 vs 5.4.1.1-33) module versions but the Sourcefire center is 5.4.1.1.

Have you managed a solution?

Thank you, Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies

haibo li
Level 1

I have an ASA 5516X that is fully licensed (i.e. Control, Protect, URL and Malware).

When using ASDM, there is a “FirePOWER Reporting” tab. But it has only displayed “No Data Available”.

How is FirePOWER to be configured in order for data to be available?

My policy has been configured.

stsonline
Level 1

Not sure if you figured out the problem, but I have the same issue and it appears no one satisfactorily answered your original post. In my case, I had to create a security policy and apply it to my outside interface. The "trick" was the type of security policy - the first one I created was an inspection policy, looking at the 13-15 default services. This policy did nothing to address the "no data" in reports issue. So I changed my security policy to inspect TCP traffic in the port 80-90 range. Almost immediately FirePower began displaying data in the reports tab.

Hope this helps!
