Cisco ASA 5516-X and FirePower

atsikora1
Level 1

Hi,

I'm using this guide: http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5508X/5508x-quick-start.html to configure Cisco ASA 5516-X. My connection to Cisco ASA by ASDM works fine, however I can't configure the ASA FirePOWER Module. I don't have the Configuration -> ASA FirePOWER Configuration menu, so I can't assign the license and configure IPS.

Could you tell what is wrong with my configuration?


Marvin Rhoads
Hall of Fame

Please share the output from "show module".

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
1 ASA 5516-X with FirePOWER services, 8GE, AC, ASA5516 
sfr FirePOWER Services Software Module ASA5516 

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 1.0 1.1.3 9.4(1)
sfr N/A N/A 5.4.1-211

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER Up 5.4.1-211

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
1 Up Sys Not Applicable
sfr Up Up

Hello,

Can you see the ASA FirePOWER Status tab?

If you are seeing only the ASA FirePOWER Status tab but not the ASA FirePOWER Reporting/Dashboard tabs, then it's not a fault with your SFR installation.

In your case, first verify that the user ID has at least privilege 15. The user ID needs a high enough privilege to access the FirePOWER components.

Note: A username created without explicitly configuring the privilege command defaults to privilege 2.


Next thing to do is to click on the ASA FirePOWER Status tab. Verify that the ASA FirePOWER module's state is Up which you already 


It is also possible that the FirePOWER module is unreachable because it is behind a NAT device. At startup, ASDM will display a dialog to enter the FirePOWER's IP and port numbers.
Entering the correct IP and Port numbers will display the missing tabs.


Note: Entering an invalid but working IP and Port number will cause the tabs to still be missing. An example of this would be entering the IP and Port of a different ASA FirePOWER installed on a different ASA.


Also please reboot the Firepower module once.

Regards

Jetsy 

I can see the FirePOWER Status tab but no FirePOWER Reporting/Dashboard. The user I'm using to connect to ASDM has privilege level 15. I reloaded the SFR module but that didn't help. I don't think that NAT or security on the switch is the problem. The Management Interface and Inside Interface are connected to a simple L2 switch. The IP address of the FirePOWER module is correct.

FirePOWER Module Status:

Application Status: Up

Application Status Description: Normal Operation

Dataplane: Up

Status: Up

EDIT:

I can point my browser to FirePOWER IP and I can see the info that Onbox NGFW is managed by ASDM.

Hello,

1) Check that the management port and inside interface connections to the switch are in the same VLAN.

2) Ping and telnet from the SFR to the inside IP.

3) Access the SFR IP directly over HTTPS; if it fails, httpsd is probably down. Verify with "pmtool status | grep httpsd" from the Firepower CLI.

Also please reboot the Firepower module once.

Regards

Jetsy
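The checks from the replies above (sfr application and data plane reported Up by "show module", the ASDM user at privilege 15, default privilege 2 when the keyword is absent) collected into one script, as an added example that is not from this thread or from Cisco. It parses constructed sample output of "show module" and "show running-config username"; the sample text and user names are assumptions, not captured from a real device.

```python
import re
# Constructed samples modelled on the 'show module' paste above and on 'show running-config username' (not from a real device); 'helpdesk' has no privilege keyword.
SHOW_MODULE = """\
Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr  ASA FirePOWER                  Up               5.4.1-211

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
sfr  Up                 Up
"""
SHOW_USERNAMES = """\
username admin password ***** encrypted privilege 15
username helpdesk password ***** encrypted
"""

def parse_show_module(text):
    """Collect the sfr row of each 'show module' table, keyed by that table's header."""
    info = {}
    for section in re.split(r"\n\s*\n", text.strip()):
        header, *rows = section.splitlines()
        for row in (r for r in rows if r.startswith("sfr")):
            if "SSM Application Name" in header and (m := re.match(r"sfr\s+ASA FirePOWER\s+(\S+)\s+(\S+)", row)):
                info["app_status"], info["app_version"] = m.groups()
            elif "Data Plane Status" in header and (m := re.match(r"sfr\s+(\S+)\s+(\S+)", row)):
                info["module_status"], info["data_plane"] = m.groups()
    return info

def user_privilege(running_config, user):
    """Privilege level of a local ASA user; the ASA assigns 2 when 'privilege' is omitted."""
    for line in running_config.splitlines():
        if re.match(rf"username\s+{re.escape(user)}\s", line):
            m = re.search(r"\bprivilege\s+(\d+)", line)
            return int(m.group(1)) if m else 2
    return None  # user not defined locally

def asdm_firepower_checks(show_module, running_config, user):
    """Return the checks from this thread that fail; an empty list means all of them passed."""
    mod = parse_show_module(show_module)
    failures = []
    for key, label in (("app_status", "sfr application status"), ("data_plane", "sfr data plane")):
        if mod.get(key) != "Up":
            failures.append(f"{label} is {mod.get(key)}, expected Up")
    priv = user_privilege(running_config, user)
    if priv is None:
        failures.append(f"user {user} is not in the running-config")
    elif priv < 15:
        failures.append(f"user {user} has privilege {priv}; ASDM needs 15 to show the FirePOWER tabs")
    return failures
```

Paste real "show module" and "show running-config username" output in place of the samples; an empty result means the remaining suspects are the ones the thread goes on to name (reachability, NAT, httpsd, the ASDM certificate).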

The problem was with the certificate. I reinstalled Java and went through certificate enrollment in ASDM, and everything works fine now. Thanks for the help.

Jetsy Mathew
Cisco Employee

Hello ,

Have you finished the ASA SFR installation with both the .pkg and .img files using the following link?

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

Regards

Jetsy 

Yes, I'm able to log in to the SFR module using the console. The IP is correct.

mkuenzelmann
Level 1

Hi,

I had the same problem today. On our site the issue was that the Management1/1 interface ran into our port-security MAC limit, so a "switchport port-security maximum 2" on the switch port did the trick.

HTH
