02-12-2016 01:15 PM - edited 03-12-2019 05:53 AM
My company has 2 ASA 5515X (running ASA 9.5.2, ASDM 7.5.2, and FirePOWER 5.3.1) configured in a failover pair that we have been running for 8 months. When they were installed, the FirePOWER control license was purchased but not FireSight and in our environment, we would rather stay away from running the virtual appliance needed for FireSight. The FirePOWER module was setup and its status reports as up but the configure and monitor options are non-existent in the ASDM (I do see the ASA FirePOWER Status tab on the home page). The traffic has never been set to run through the FirePOWER module yet. Ideally, we would prefer to manage FirePOWER through the ASDM if possible, which from my understanding, is possible if we upgrade our FirePOWER software module from 5.3.1 to 6.0. My questions are as follows:
1. Is it possible to manage FirePOWER on our 5515Xs through the ASDM if we were running the FirePOWER 6.0 software module?
2. If the answer to question 1 is yes, the only instructions I have found for upgrading from FirePOWER 5.3.1 to 6.0 involve using Defense Center (FireSight?) which we do not have and some have said you have to go from 5.3.1 to 5.4 before you can go to 6.0. Can anyone point me to instructions for upgrading my FirePOWER software module from 5.3.1 to 6.0 (I assume using the CLI which I can access the FirePOWER module through)?
Anything I am overlooking? Is it stupid to want to manage FirePOWER through the ASDM instead of using FireSight? Thanks for the help.
-Dylan
02-13-2016 02:31 AM
Yes, you can manage the Firepower Module through the ASDM in version 6.0.0.
You need to re-image the module with version 6.0.0. It will hardly take 45-60 minute. Once you complete the re-image and assign the IP address to SFR module.
Ensure that management port should have reachability to end system. login to ASA through ASDM and you should able to see one more tab for Firepower Configuration. Just a look on attachment.
Regards,
Sunil Kumar
Rate if it helps !!
02-16-2016 11:38 AM
Thank you for the response Sunil. I am glad that we can do what we were hoping to by upgrading to 6.0. Since we are currently at 5.3.1, do we need to upgrade in steps by going to 5.4.1 or since we are just re-imaging, can we go straight o 6.0? It looks like I can follow the "Install or Reimage the Software Module" instructions from this link (http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#pgfId-1485825) and that I just need to shutdown and uninstall the FirePower software module, then image using the new 6.0, does that sound correct?
-Dylan
02-16-2016 05:11 PM
Yes, you are Right.
Regards,
Sunil Kumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide