Enable interfaces in Firepower 2120 using FX-OS

johnlloyd_13 · ‎07-20-2022

hi,

i would need to upgrade an ASA 5525-X to FPR2120.

can someone confirm the SKU FPR2120-ASA-K9 has ASA code/appliance running by default?

does the appliance by default boot in firepower# or ciscoasa> prompt?

i also read the starting guide only MGMT1/1, eth1/1 and eth1/2 are enabled by default.

i would need to enable 1x port for DMZ and 1x port for failover. just help confirm if below FX-OS commands are correct?

ciscoasa#connect fxos

default login is: admin / Admin123

firepower-2110# scope eth-uplink
firepower-2110 /eth-uplink # scope fabric a
firepower-2110 /eth-uplink/fabric # enter interface Ethernet1/3 <<< DMZ INTERFACE
firepower-2110 /eth-uplink/fabric/interface # enable

firepower-2110 /eth-uplink/fabric # enter interface Ethernet1/12 <<< FAILOVER INTERFACE. DO I NEED TO 'exit' FIRST?
firepower-2110 /eth-uplink/fabric/interface # enable

firepower-2110 /eth-uplink/fabric/interface* # commit-buffer

also, i read you enable NTP in FX-OS. can NTP added in ASA config instead?

firepower-2110# scope system
firepower-2110 /system # scope services
firepower-2110 /system/services # enter ntp-server 10.1.1.1
firepower-2110 /system/services # commit-buffer

if i do an ASA code upgrade, do i just upgrade as normal via ASA 'boot system disk0:/<ASA.bin>?

or do i also have to upgrade FX-OS first?

is it required to configure a MGMT IP on the FX-OS 'management1/1'? or can i just jump to FX-OS once i SSH and get a ciscoasa> prompt?

can FX-OS MGMT1/1 and ASA MGMT1/1 management IP can be on same subnet?