09-25-2019 01:49 AM - edited 09-25-2019 02:11 AM
I have a Cisco ASA5545-MB running in Active-Active Failover in the DC. I have been given the task of upgrading this ASA to work with Firepower Services and installing IPS on it. There are some challenges which I would like to overcome:
1) Do I need to remove the legacy IPS module before installation of Firepower Services? The show tech-support didn't provide me the information for show inventory, which would confirm whether the SSD module is present or not to install Firepower Services. Below is the output of show module.
------------------ show module ------------------
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5545-X with SW, 8 GE Data, 1 GE Mgmt ASA5545 FCH22297DGP
ips Unknown N/A FCH22297DGP
cxsc Unknown N/A FCH22297DGP
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 bc26.c79f.2e2a to bc26.c79f.2e33 3.1 2.1(9)8 9.1(7)32
ips bc26.c79f.2e28 to bc26.c79f.2e28 N/A N/A
cxsc bc26.c79f.2e28 to bc26.c79f.2e28 N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
<--- More --->
cxsc Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Unresponsive Not Applicable
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
2) Do I need to order 4 120G SSD modules, and how should I install them in the running firewall? If yes, then do I need to shut down the firewall, then install the SSD, and then power on the ASA?
3) To install Firepower, do I need to upgrade my ASA to 9.2.2 and higher and then install Firepower?
4) I am planning to deploy a virtual machine to install VMware and then deploy FMC version 6.3.0 on it.
5) Once done, I will install IPS on the FMC. What are the prerequisites for installation, as well as the things to look after while deploying IPS?
I know there are too many questions, but I have an urgent requirement, and a clear picture on the above would be much appreciated.
09-25-2019 07:59 AM
1. The modules are software. The IPS one always shows up like that even though it's not actually installed. So no need to uninstall in your case.
2. While you can insert an SSD while the ASA is online, it should be reloaded so that Power On Self Test (POST) checks and identifies the hardware.
3. Yes. Ideally to a version that's compatible with the latest Firepower (currently 6.4.0.5 - requires ASA 9.5(2) or later and ASDM 7.12(1)). https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#id_60529
4. OK
5. Entire books have been written about this. There are also some good Cisco Live presentations.