Boris Simunko

ASA5512-X and FirePower



So I am in the proccess of getting the FirePower up and running on our firewall pair.

As I have basically no experience with FirePower, I am facing some problems and questions that I have not been able to find the right answers. So, here goes:


1. Is it a must to have a SSD drive in the ASA?

fw-A5512-r5/pri/act# show inv
Name: "Chassis", DESCR: "ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC"
PID: ASA5512 , VID: V06 , SN: FTX

Name: "Storage Device 1", DESCR: "Model Number: Micron_M600_MTFDDAK128MBF"


2. We have not purchased any licenses, we only have the CTRL license that came with the device. Still, I am unable to use it as I can't get the module to show up in the ASDM to generate a license key from the PAK. Which licenses are essential to use FirePower?


3. The device came with the boot file, but as we did not purchase any support services, I am unable to download the .pkg system file - is that the reason why the sfr module is stuck in recover mode? I have tried uninstalling it and booting it, I can access the module console and run the setup command, but that is all.


fw-A5512-r5/pri/act# show module

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5512 FCH211879K4
ips Unknown N/A FCH
cxsc Unknown N/A FCH
sfr Unknown N/A FCH

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 70df.2f32.3bea to 70df.2f32.3bf1 3.1 2.1(9)8 9.8(1)
ips 70df.2f32.3be8 to 70df.2f32.3be8 N/A N/A
cxsc 70df.2f32.3be8 to 70df.2f32.3be8 N/A N/A
sfr 70df.2f32.3be8 to 70df.2f32.3be8 N/A N/A

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
cxsc Unknown No Image Present Not Applicable

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Unresponsive Not Applicable
sfr Recover Not Applicable

Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual


fw-A5512-r5/pri/act# show module sfr det
Getting details from the Service Module, please wait...
Unable to read details from module sfr

Card Type: Unknown
Model: N/A
Hardware version: N/A
Serial Number: FCH211879K4
Firmware version: N/A
Software version:
MAC Address Range: 70df.2f32.3be8 to 70df.2f32.3be8
Data Plane Status: Not Applicable
Console session: Ready
Status: Recover

fw-A5512-r5/pri/act# sess sfr cons
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.
Cisco FirePOWER Services Boot Image 6.2.0

FirePower login: admin

Cisco FirePOWER Services Boot 6.2.0 (2)
Type ? for list of commands
FirePowerboot>show version

Cisco FirePOWER Services Boot 6.2.0 (2)


4. Do I need to have Firesight or some other software to manage the module or can I do it all through ASDM?



Karsten Iwen
VIP Mentor

1) You can't install SFR without SSD. But that's fine as you have one.

2) The CTRL-License is enough for the start. But you won't have services like IPS, AMP or URL-filter.

3) Installing SFR is a process of multiple steps. It starts with having the software. And for that, you need at least a service contract.

4) You can manage it through ASDM, but the Firepower Management Center will give you much more features and insight into your network. If you have a host to install it, it's a useful tool.

