cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2003
Views
10
Helpful
4
Replies

Cisco ASA Firepower management with ASDM

s.maxina1
Level 1
Level 1

HI All

I Have a Cisco 5555-x with Firepower Services which is previously managed with FMC(with Cisco ASA5555 Firepower Control, IPS,AMP and URL Licenses). Now, I want to manage it with ASDM. when I connect to firewall via ASDM, I see only "ASA FirePOWER Status" Tab(no configuration TAB). As I surfing the web, I got that in Setup Wizard(if it is not correct,please let me know), I need to enter firepower network configuration(as same as in my current firepower network configuration). My question is that, after finishing wizard setup, all the previous firepower configuration and licenses will be deleted or not?

best regrads

Sina HR.

2 Accepted Solutions

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame
When you change from FMC management to local (ASDM) management of an ASA Firepower service module and policies deployed from FMC are lost. You don't need to re-run the setup wizard but you do need to delete the FMC manager ("configure manager delete") and the the module to use ASDM instead ("configure manager local") from the module cli. When ASDM connects to an ASA with Firepower service module it checks the module for which management type is configured. If it is local (and your ASDM user has admin level privilege) you will get the configuration tab for the module. Licenses are not "lost" but do need to be rehosted from FMC to ASDM via the self-service portal at software.cisco.com.

View solution in original post

The installed policy resides on the target managed device.

However, there's no provision for that policy to be synced back "up" when a new type (for instance changing from FMC to ASDM) or different instance of the same type of manager (in the case of FMC) is configured.

Licenses need to be rehosted as I noted. 

View solution in original post

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame
When you change from FMC management to local (ASDM) management of an ASA Firepower service module and policies deployed from FMC are lost. You don't need to re-run the setup wizard but you do need to delete the FMC manager ("configure manager delete") and the the module to use ASDM instead ("configure manager local") from the module cli. When ASDM connects to an ASA with Firepower service module it checks the module for which management type is configured. If it is local (and your ASDM user has admin level privilege) you will get the configuration tab for the module. Licenses are not "lost" but do need to be rehosted from FMC to ASDM via the self-service portal at software.cisco.com.

Hi Marvin Rhoads.

thanks for replying.

I have to say that the FMC VM is deleted and there is no Backup/snapshot from previous Network Security Administrator. If I want to install new FMC VM, i have to install license and policy again? in other words, all policy and licenses always installed in management center either ASDM or FMC and not in SFR Module?

Best Regards.

The installed policy resides on the target managed device.

However, there's no provision for that policy to be synced back "up" when a new type (for instance changing from FMC to ASDM) or different instance of the same type of manager (in the case of FMC) is configured.

Licenses need to be rehosted as I noted. 

thanks so much Marvin.

Sina HR.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: