Solved: Re: Check ASA 5555 inventory through FMC

NInja Black · ‎03-27-2020

Hi,

I want to check if the ASA 5555x firewall has SSDs installed on it. How do I check this through FMC GUI?

I know on ASA the "show inventory" command works but unable to check this on FMC. Once the ASA is added to FMC is there any way to access the firewall GUI itself (not from FMC)

Marius Gunnerud · ‎03-28-2020

You need to have an external identity source configured, activate external authentication for this identity source under Devices > Platform Settings > the policy you have configured for Platform Settings.

The Advanced Troubleshooting tab can be found under Devices > Device Management and click on the wrench and screwdriver icon next to the device you want to access the Advanced Troubleshooting for.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marvin Rhoads · ‎03-27-2020

You still have the ASA cli to check from - whether you are running FTD or ASA image.

Once you manage FTD via FMC you no longer have a local management GUI (Firepower Device Manager). If it's a Firepower service module on ASA then you still have ASDM GUI - just not the ability to configure the module. If it's an ASA running FTD you can access the cli (for show commands - i.e. "show inventory") from FMC via the Advanced Troubleshooting tool under Health Monitor.

In all cases you still have the cli on the ASA appliance. FTD image uses the clish type cli and traditional ASA image has the normal cli.

Marius Gunnerud · ‎03-28-2020

Just to add, FTD also has standard ASA CLI capability for troubleshooting though configuration is not possible from the CLI. To access this enter «system support diagnostic-cli». Most of the show commands, along with packet-tracer and debugs are available herre.

--
Please remember to select a correct answer and rate helpful posts

NInja Black · ‎03-28-2020

Marius,

I don't have access to FMC 1000 devices CLI. Though my username has administrator role privileges my login through SSH doesn't work. I get an "access denied" response. With the administrator role I assumed I would be able to login through SSH too as long as I can reach it via SSH. I have worked on ASA/ASDM before and never on FMC so its all new to me.

Marius Gunnerud · ‎03-28-2020

You need to have an external identity source configured, activate external authentication for this identity source under Devices > Platform Settings > the policy you have configured for Platform Settings.

The Advanced Troubleshooting tab can be found under Devices > Device Management and click on the wrench and screwdriver icon next to the device you want to access the Advanced Troubleshooting for.

--
Please remember to select a correct answer and rate helpful posts

Marvin Rhoads · ‎03-29-2020

First off, the FMC cli is for the manager only. Users created in the server GUI do not automatically appear as ssh users in the underlying OS.

To access the advanced troubleshooting menu and get cli access there you have to select the managed device in the Health Monitor section. This access applies to devices running FTD only. If your ASA 5555 is running ASA image with a Firepower service module, cli access will not be possible from FMC. Instead you would just access the cli from the ASA itself and "show inventory".

NInja Black · ‎03-28-2020

Marvin,
From FMC I don't see "Advanced Troubleshooting" option. Below is the path I am checking. Please advise.

FMC 1000 GUI > System > Health > Monitor.