Firepower IPS - on cisco 5525-X

hitesh2212 · ‎03-07-2019

Hello Team,

We have Cisco 5525-X device .

Below is full information .

We have Cisco ASA firewall please find below information.

fw08-kp/admin/pri/act# show inventory

Name: "Chassis", DESCR: "ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC"

PID: ASA5525 , VID: V03 , SN: FGL183140BK

Name: "module 1", DESCR: "ASA 5525-X Interface Card 6-port GE SFP, SX/LX"

PID: ASA-IC-6GE-SFP-B , VID: N/A , SN: N/A .

Mod Card Type Model Serial No.

---- -------------------------------------------- ------------------ -----------

0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525 FCH1829JE1E

ips ASA 5525-X IPS Security Services Processor ASA5525-IPS FCH1829JE1E

cxsc Unknown N/A FCH1829JE1E

sfr Unknown N/A FCH1829JE1E

Mod MAC Address Range Hw Version Fw Version Sw Version

---- --------------------------------- ------------ ------------ ---------------

0 7c0e.ce67.115e to 7c0e.ce67.1167 1.0 2.1(9)8 9.6(3)1

ips 7c0e.ce67.115c to 7c0e.ce67.115c N/A N/A 7.1(8p1)E4

cxsc 7c0e.ce67.115c to 7c0e.ce67.115c N/A N/A

sfr 7c0e.ce67.115c to 7c0e.ce67.115c N/A N/A

Mod SSM Application Name Status SSM Application Version

---- ------------------------------ ---------------- --------------------------

ips IPS Up 7.1(8p1)E4

cxsc Unknown No Image Present Not Applicable

sfr Unknown No Image Present Not Applicable

Mod Status Data Plane Status Compatibility

---- ------------------ --------------------- -------------

0 Up Sys Not Applicable

ips Up Up

cxsc Unresponsive Not Applicable

sfr Unresponsive Not Applicable

Mod License Name License Status Time Remaining

---- -------------- --------------- ---------------

ips IPS Module Enabled perpetual

fw08-kp/admin/pri/act#

Also we have Procure Firepower IPS license and below Details for Your Ref.

eDelivery Access Order

Line Id Product ID (SKU) Description Qty Carton/Cust Ref Line Notes
L-ASA5585-10-TA= Cisco ASA5585-10 FirePOWER IPS License 2 XXXX
L-ASA5525-TA= Cisco ASA5525 FirePOWER IPS License 2 XXXX

Now I have few question related to this .

How can I install firepower IPS on my cisco ASA5525-X firewall ( Which show inventory I provided Above ) . / Is it supported ?
I cant able to see SSD Disk on show inventory
Inbuilt IPS is it self Firepower ?
Need steps to install this Firepower licenses on this device.
Is it supported with Multi context mode ? and How ?

johnlloyd_13 · ‎03-10-2019

hi,

you'll need to bootstrap/upgrade the FP module on the ASA 5525-X. see helpful link:

http://ccnpsecuritywannabe.blogspot.com/2017/09/cisco-asa-firepower-module-upgrade.html

Jonatan Jonasson · ‎03-10-2019

Hi,

Originally you could purchase the ASA5525-X appliances with and without a SSD disk.

Since "show inventory" doesn't show a SSD, you will probably need to purchase them for the 5525-X

(The SKU is/was: ASA5500X-SSD120=)

And then, if you plan on running firepower services for ASA, you have to install firepower on the SSD (johnlloyd_13 provided a link).

I believe you can use firepower services for ASA in multi-context mode, but I have never tried that myself.

Marvin Rhoads · ‎03-10-2019

In addition to purchasing the SSD for your 5525-X, you will also need to add the no cost (but required) Control license. The part number (SKU) is ASA5525-CTRL-LIC=,

You can use Firepower service module while running multiple contexts. However, it is unaware of the contexts - any and all context that have a service-policy to redirect traffic to the Firepower service module will hit the same policies (Access Control, Intrusion, Identity etc.) on the module