Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1425
Views
8
Helpful
12
Replies

Check if ASAs have Firepower Service Modules?

Go to solution
jmaxwellUSAF
VIP
VIP

‎11-27-2023 11:36 AM

Hello.

Are Firepower Service Modules separate physical cards inside ASAs?

We have a few ASA5525s, and an ASA1120. How do I check if these devices already have installed Firepower Service Modules?

Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎11-27-2023 12:08 PM

@jmaxwellUSAF the Firepower Services Module is an application that runs on the SSD of the ASA hardware. This hardwares runs the ASA software image AND if the Firepower Service Module is present can redirect packets to the FPR Services Module for inspection.

The Firepower hardware (including the 1120) do not support the Firepower Services Module, you either run just the ASA software image without Firepower functionality or you run the FTD software image instead of the ASA image, the FTD image is the NGFW.

View solution in original post

12 Replies 12

Go to solution
MHM Cisco World
VIP
VIP

‎11-27-2023 11:46 AM 

show module sfr details

This give you some detail about sfr if it add or not.

MHM

Go to solution
Rob Ingram
VIP
VIP

‎11-27-2023 11:47 AM

@jmaxwellUSAF use the command " show module sfr " on the 5525-X, the 1120 does not support the Firepower Services Module.

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-27-2023 11:49 AM

ASA5525 - you can see front there is SSD installed or you can also boot and look

show modules

show module ips details (if installed)

1120 is latest Firepower (you can boot and check is the FTD image or ASA image)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
jmaxwellUSAF
VIP
VIP

‎11-27-2023 12:03 PM

Thank you for your replies.

May you please reply to the questions below?

1. Is the ASA5525 Firepower module  hardware?

2. How do I check the Firepower status on an ASA1120?

2. Does below mean the module is not physically present, or not turned on?

# show module sfr

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
sfr Unknown N/A FCH1944K3Y8

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
sfr 76a2.e5d7.f0f1 to 76a2.e5d7.f0f1 N/A N/A

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr Unknown No Image Present Not Applicable

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Unresponsive Not Applicable

--

Thank you.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎11-27-2023 12:08 PM

@jmaxwellUSAF the Firepower Services Module is an application that runs on the SSD of the ASA hardware. This hardwares runs the ASA software image AND if the Firepower Service Module is present can redirect packets to the FPR Services Module for inspection.

The Firepower hardware (including the 1120) do not support the Firepower Services Module, you either run just the ASA software image without Firepower functionality or you run the FTD software image instead of the ASA image, the FTD image is the NGFW.

Go to solution
MHM Cisco World
VIP
VIP
In response to jmaxwellUSAF

‎11-27-2023 12:12 PM 

show module sfr details

Add details and share output.

MHM

Go to solution
jmaxwellUSAF
VIP
VIP
In response to MHM Cisco World

‎11-27-2023 12:16 PM

# show module sfr details
Unable to read details from module sfr

Card Type: Unknown
Model: N/A
Hardware version: N/A
Serial Number: FCH5302K1G3
Firmware version: N/A
Software version:
MAC Address Range: 74a2.e6d4.b510 to 74a2.e6d4.b210
Data Plane Status: Not Applicable
Console session: Not ready
Status: Unresponsive No Image Present

0 Helpful

Go to solution
jmaxwellUSAF
VIP
VIP
In response to balaji.bandi

‎11-27-2023 12:25 PM

"You have module"

... how do you know that?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎11-27-2023 12:37 PM

@jmaxwellUSAF if you had a working module I would expect the output to be as below, but the output you provided above does not confirm the Card Type or even the Model. 

ASA5525# show module sfr details
Getting details from the Service Module, please wait...

Card Type:          FirePOWER Services Software Module
Model:              ASA5525

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/200889-Using-ASDM-to-manage-a-FirePOWER-module.html

The output above from your ASA 5525-X?

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-28-2023 01:49 AM

The ASA 5525-X has the capability to run a Firepower service module but it requires the optional solid state drive (SSD) in addition to system software boot (img file) and system software package (pkg file). So, in that sense, they are both hardware and software.

They are also end of sales, so even if you had the images you would need licenses which are no longer sold to enable the features.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card