
Firepower and ASDM SRP issue

Phil Bradley
Level 4

I have been troubleshooting why my Firepower tabs show up in the ASDM interface but with blank pages, and it appears to be related to my software restriction policy. ASDM is loading jxbrowser-chromium.exe to load the Firepower values, which is located under the %userprofile%\appdata\local\temp directory. I do not allow any exe's to run under the user profile by default. The ASDM installs under the program files directory, which works fine. Is there a reason that they don't install this exe under program files, or is there an option to do this?


Marvin Rhoads
Hall of Fame

The ASDM location for supporting files cannot be changed in any way that Cisco will support.

The recommended management model for those who are unhappy with or unable to use ASDM is to manage the Firepower module using Firepower Management Center. In that case it would be almost all HTML-based management from your browser. (The exceptions being the initial CLI-based setup and the rare deep troubleshooting commands that are also CLI-based.)

The newer FTD images' local management is all browser-based as well, with the Firepower Device Manager interface.

This makes no sense why Cisco puts the Firepower files in the user profile and not in program files like they do the ASDM files. This, in my opinion, is not very good security practice. For the ones that do, like GoToMeeting and WebEx, at least they sign their executable so that I can put the exception in that way. I guess I can put my ASDM machine in a DMZ zone on the ASA to isolate it from my corporate network, lol.

Have there been any changes to this issue? I work within the DoD community and they have implemented the same restrictions as noted above (i.e. not allowing execution of applications located in Appdata\temp).

Using the Firepower Management Center is not cost effective for a single firewall.

Thank you

 

Thomas

Hi Thomas,

The issue still exists in ASDM 7.9(1). I have not tried any of the newer releases yet. I ended up creating an exception to this with a path rule in SRP which is a band-aid. I hope they have looked at this in later releases. Here is my path rule and it may vary by version.

 

%userprofile%\AppData\Local\Temp\jxbrowser-chromium-39.0.2171.52.4.9.5\jxbrowser-chromium.exe
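The path rule above is tied to one versioned directory name, and the reply notes it may vary by version. The following PowerShell is an added example, not part of the original post and not Cisco's tooling: it lists the jxbrowser-chromium.exe copies actually present in the user's temp directory with their signature status and SHA-256, so the exception can be scoped to a file that has been inspected. The `jxbrowser-chromium-*` directory pattern is an assumption inferred from the single path shown in the thread.

```powershell
# Added example: inventory the JxBrowser helper that ASDM runs from the user's
# temp directory, so an SRP exception covers only what is really on disk.
$tempRoot = Join-Path $env:LOCALAPPDATA 'Temp'

# Assumption: the versioned directory follows the naming seen in the thread
# (jxbrowser-chromium-<version>); the wildcard absorbs version changes.
$candidates = Get-ChildItem -Path $tempRoot -Directory -Filter 'jxbrowser-chromium-*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-ChildItem -Path $_.FullName -File -Filter 'jxbrowser-chromium.exe' -ErrorAction SilentlyContinue
    }

if (-not $candidates) {
    Write-Warning "No jxbrowser-chromium.exe found under $tempRoot."
    return
}

$report = foreach ($exe in $candidates) {
    $sig  = Get-AuthenticodeSignature -FilePath $exe.FullName
    $hash = Get-FileHash -Path $exe.FullName -Algorithm SHA256

    [pscustomobject]@{
        # Path written the way the thread's rule is, with %userprofile% restored
        PathRule  = $exe.FullName -replace [regex]::Escape($env:USERPROFILE), '%userprofile%'
        # Valid, NotSigned, HashMismatch, ... as reported by Windows
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256    = $hash.Hash
        Modified  = $exe.LastWriteTime
    }
}

# One block per copy found; more than one block means several versioned
# directories exist and a single path rule will not cover them all.
$report | Format-List
```

Because the directory is user-writable, recording the hash alongside the path rule gives a baseline to compare against when the file changes after an ASDM upgrade.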

We are running ASDM 7.10(1) and no change in symptoms.

 

Thanks for the update and I guess we will also implement the exception.
