12-20-2018 04:11 AM - edited 02-21-2020 08:35 AM
We are going to order FPR4120 and selected in CCW:
Cisco Firepower 4120 ASA Appliance, 1U, 2 x NetMod Bays
Some articles and forums say that FPR box running ASA code have no difference compared to ASA5000 series regarding to management, CLI, features (virtual device contexts, clustering, dynamic routing, etc). firepower asa code
However on cisco.com site I found this document https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/fp4100/asa-firepower4100-qsg.html#pgfId-142917 stating some weird steps to get ASA code working on this box.
Please clarify where it the truth?
Solved! Go to Solution.
12-20-2018 06:12 AM
In most cases, there is just 1 logical device per chassis, so you are not sharing resources among multiple logical devices. You cannot run the ASA software directly on the chassis if that is what you were asking.
Once the Firepower chassis and ASA is setup, it is managed like a traditional ASA - all the features and configurations are exactly the same. I have only used to chassis management post-deployment if I need to upgrade the FXOS. This is usually to maintain compatibility between the chassis and logical device.
12-20-2018 06:00 AM
Setting up a Firepower 4100 or 9300 has 2 major sections to it. One is the FXOS setup. This is sort of like a hypervisor running on the chassis. It has a separate management interface and other settings specific to the chassis. The ASA is installed as a logical device on top of the FXOS. Once the ASA is installed as a logical device (including specifying which chassis interfaces are going to be used for the ASA), the rest of the configuration is just like the ASA code running on the 55xx series. You can ssh or use ASDM as you used to do before. The reason you have to do this is because the Firepower devices have the capability to run ASA or FTD as logical devices on top of it. It just depends on what you install as a logical device.
12-20-2018 06:07 AM
12-20-2018 06:12 AM
In most cases, there is just 1 logical device per chassis, so you are not sharing resources among multiple logical devices. You cannot run the ASA software directly on the chassis if that is what you were asking.
Once the Firepower chassis and ASA is setup, it is managed like a traditional ASA - all the features and configurations are exactly the same. I have only used to chassis management post-deployment if I need to upgrade the FXOS. This is usually to maintain compatibility between the chassis and logical device.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide