Solved: Re: ASA 5506-X: "Module Firepower is not supported on this platform”

db62 · ‎10-30-2018

Hi,

So I was upgrading an ASA 5506-x from 9.9 to 9.10 using the "Tools / Check for ASA/ASDM updates..." function of the ASDM launcher.

It found the 9.10.1 update, but then a message box popped up:

"Module Firepower is not supported on this platform”

Excuse me?

A quick search led me to the 9.10 Release Notes, which say, quote:

No support in 9.10(1) for the ASA FirePOWER module on the ASA 5506-X series and the ASA 5512-X—The ASA 5506-X series and 5512-X no longer support the ASA FirePOWER module in 9.10(1) and later due to memory constraints [emphasis mine]. You must remain on 9.9(x) or lower to continue using this module. Other module types are still supported. If you upgrade to 9.10(1), the ASA configuration to send traffic to the FirePOWER module will be erased; make sure to back up your configuration before you upgrade. The FirePOWER image and its configuration remains intact on the SSD. If you want to downgrade, you can copy the ASA configuration from the backup to restore functionality.

Would anyone at Cisco care to address this loss of functionality that was bought and paid for, due to an "upgrade"? I'm sure some users might have something to say about this... And this thread might be relevant too...

Thank you kindly.

Marvin Rhoads · ‎02-06-2019

The ASA 5506 is not yet discontinued. Only new Firepower Threat Defense and Firepower service module 6.3 is not available for them. New ASA software will continue to be made available as will maintenance releases of the 6.2.x Firepower train.

Once the hardware EoX announcement is made it will follow standard Cisco policy for support timelines.

View solution in original post

f2l · ‎11-07-2018

This does not make any sense to me either?!?!

Why buy a 5506-X, 5512-X, etc. If when you upgrade to the latest 9.10.1 version, you get the functionality of the 5505?

Surly, if you buy a 5506-X, etc., you bought it to make use of its full functionality, including FirePower.

Cisco: Please explain, or maybe provide free memory upgrades. ;-)

Jason L · ‎11-13-2018

I just learned this from the release notes. If the 5506 and 5512 were EOL, this would make sense, but since they are not, this makes no sense.

k.nandakumar · ‎11-13-2018

If you need FirePOWER service function, why not re-image the box with FTD ?

You'll have latest ASA code and Firepower and single image

Jason L · ‎11-15-2018

FTD does not have all the features that ASA has.

Marvin Rhoads · ‎11-15-2018

ASA 5506-X and 5512-X will not support Firepower after any 6.2.3.x release. That applies whether you are talking about ASA with Firepower service module or FTD image.

They only have 4 GB of non-upgradable RAM. This limitation is why ASA 9.10(1) and later are not be supported.

mummim · ‎11-30-2018

Just have the same issue; upgraded to ASA 9.10(1) and Firepower is no longer usable.

Because we just bought two Licenses for our two ASA5506-X: What do you recommend to still use the ASA5506-X with our TAM license under the latest ASA version?

mummim · ‎12-06-2018

I can give the answer by myself now: Cisco recommended us to change to ASA5508, because there's no way to use FirePOWER with ASA5506 and the latest Software (ASA5506 has only 4GB RAM but 8GB are required).

So my recommendation to all Cisco customers: Choose the ASA5508 from the beginning instead of choosing the ASA5506 when you plan to use FirePOWER.

honza.sotek · ‎11-15-2018

And next question is "why is not supported DTLS 1.2 on ASA 5506" ??

Marvin Rhoads · ‎12-07-2018

DTLS 1.2 was just introduced in ASA 9.10(1). So it will not be available on ASA 5506-X or 5512-X.

honza.sotek · ‎12-07-2018

Why?

Marvin Rhoads · ‎12-07-2018

Because they have stopped developing new features for those two platforms in anticipation of discontinuing them.

Not supporting Firepower 6.3 / ASA 9.10(1) is the first indicator. Any new features that are introduced on those or later software versions will not make it to the ASA 5506-X and 5512-X

honza.sotek · ‎12-07-2018

It makes no sense. They would not release 9.10.1 to 5506-X. All features are available but DTLS 1.2 not.

Kasun Bandara · ‎12-07-2018

Hi ,

i just heard it from you. this is bit rude from a giant like cisco. so after this update cisco does not have small firewall which can support user's basic needs in current security world. its just a firewall.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Marvin Rhoads · ‎12-07-2018

5506-X and 5512-X are still available and ASA 9.8(3)16 (the current gold star recommended release) and Firepower 6.2.3.7 work fine on them. 95% of customers don't run the absolute latest versions in my experience.

Be patient and I am certain you will see a replacement device from Cisco.