Thank You.

Even after shutting down the sensor from Firesight, I am able to ping the sensor management IP. The sensor is shown as offline in Firesight DC console. Is it a normal behavior?

You're welcome.

The FMC-initiated shutdown only terminates the secure connection between itself and the sensor.

If it truly shut it down like the command I mentioned earlier, it would have no way of starting it up again as that has to be done from the ASA cli and the FMC does not have the ability to send commands to the parent ASA. 

I think it's because the SFR is a Linux system, very different than the ASA firmware based system. Sometime ago during initial testing of our 5585-X chassis (separate ASA and SFR module), I just powered it down thinking it was the same as a regular ASA. I was wrong. The SFR software was corrupted and became usable.

Now I am in the process of replacing the only (no redundancy) power supply of one of our 5585-X chassis. I need to run the shutdown command until the shutdown process is fully done before I can flip the power switch. It's a waiting game. At best I can only judge it by the module indicator activities.

You can monitor progress via the sfr hardware module console port on the 5585-X.

Alternatively, you can see it (on all platforms) via the command "show module sfr log console".

That command is particularly useful when setting up one for the first time or upgrading  - you can see where it is initializing databases, upgrading the OS etc. and track the progress in detail.

The sw-module module sfr reload does not start the module back up after issuing the sw-module module sfr shutdown.  

It gives the error:

"Module sfr cannot be reloaded, not in Up state."

Do you have to issue the "sw-module module sfr recover" command then?  I don't want to reconfigure it, just start it back up. 

Here are the steps to shut down and bring up a FirePOWER module:

sw-module module sfr shutdown
sw-module module sfr reset
sw-module module sfr reload

Marvin,

we shut down the SFR module earlier and we want to start it up again. I received the message below when I enter the reset command. Do you know what would cause that?  and at this point, do i have to recover the module with the recover command? 

someone else performed the shutdown, i'm not sure the steps he took to shut down the module. 

# sw-module module sfr reset

Unable to reset Module sfr, it does not have a software image installed.

Thanks in advance.

It appears somebody did more that simply shutdown the module - it may be uninstalled.

In that case it would need to be recovered / reinstalled.

I thought so. Just recovered the module. 

Thanks for the confirmation!

Hello Marvin,

Sorry to be replying to this old thread but I am having issues with my SFR module on my ASSA5525 the firepower tabs are not showing anymore in asdm also the state of the sfr module in CLI shows as unresponsive I am thinking of reloading the sfr by following the steps described above it but without losing any configuration made will the command sw-module module sfr reset just reload or will it factory reset the sfr module?

Thanks in advance

@tanios191 the reset keyword will cause the module to factory reset.

https://community.cisco.com/t5/network-security/resetting-to-factory-default-firepower-module-in-asa/td-p/2853372

What can I do in that case ?

I am getting the below output:

hoasa01# show module sfr

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
sfr Unknown N/A FCH22467AG6

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
sfr d4c9.3cff.8674 to d4c9.3cff.8674 N/A N/A

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Down Not Applicable

hoasa01# show module sfr

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
sfr Unknown N/A FCH22467AG6

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
sfr d4c9.3cff.8674 to d4c9.3cff.8674 N/A N/A

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Down Not Applicable

hoasa01# sw-module module sfr reload
hoasa01# sw-module module sfr reload

Reload module sfr? [confirm]

Module sfr cannot be reloaded, not in Up state.
hoasa01# sw-module module sfr ?

recover Configure recovery of this module
reload Reload the module
reset Reset the module
shutdown Shut down the module
uninstall Uninstall the module
hoasa01# sw-module module sfr reload

Reload module sfr? [confirm]

Module sfr cannot be reloaded, not in Up state.