01-18-2017 01:03 AM - edited 03-12-2019 01:47 AM
Hi Guys,
I am new in Cisco Firewall and got confused on firepower services. I already configured configured ASA 5506-x but then I realized that I forget something and that is the Firepower. On the Configuration tab I didn't see the Firepower Tab. I tried to set-up and I failed and now I don't know what to do. I don't know also if my firepower license is useless without having that.
Can you help on the step how to have the Firepower tab on my ASDM?.
I attached the Network Diagram so maybe it can help.
Your response is greatly appreciate.
Regards,
Michelle
Solved! Go to Solution.
01-18-2017 01:24 AM
okay, so this is ASA5525. You can manage firepower through ASDM , if you have following ASA, Firepower and ASDM images ,
Firepower System Version |
ASA OS |
ASDM Management |
---|---|---|
5.3.1.x |
9.2(4.5) and later |
— |
5.4 |
9.2(4.5) and later |
— |
5.4.0.2 - 5.4.0.9 |
9.3(3.8) and later 9.4(2) and later 9.5(1.5) and later 9.6(1) and later |
— |
6.0.0.x |
9.4(2) and later (no ASDM management or captive portal) 9.5(1.5) and later (captive portal in 9.5(2) and later) 9.6(1) and later |
7.5(1.112) and later |
6.0.1.x |
9.4(2) and later (no ASDM management or captive portal) 9.5(1.5) and later (captive portal in 9.5(2) and later) 9.6(1) and later |
7.6(1) and later |
6.1.x.x |
9.5(2) and later 9.6(1) and later |
7.6(2) and later |
Please see last three tables
http://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html.
I would suggest to first upgrade ASA and re-image firepower to 6.0 or later as this is a new appliance. Please see link below
http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html
The you can follow below link for on-box management
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
01-18-2017 01:12 AM
First of all , can you please check if firepower is already installed on ASA.
run command "show module sfr detail". Mangle IP addresses and paste output here.
01-18-2017 01:15 AM
FIREWALL(config)# show module sfr details
Getting details from the Service Module, please wait...
Card Type: FirePOWER Services Software Module
Model: ASA5525
Hardware version: N/A
Serial Number: FCH204473CA
Firmware version: N/A
Software version: 5.4.0-764
MAC Address Range: 286f.7f63.62d8 to 286f.7f63.62d8
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 5.4.0-764
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: No DC Configured
Mgmt IP addr: 192.168.80.6
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 0.0.0.0
Mgmt web ports: 443
Mgmt TLS enabled: true
I hope this can help.
01-18-2017 01:24 AM
okay, so this is ASA5525. You can manage firepower through ASDM , if you have following ASA, Firepower and ASDM images ,
Firepower System Version |
ASA OS |
ASDM Management |
---|---|---|
5.3.1.x |
9.2(4.5) and later |
— |
5.4 |
9.2(4.5) and later |
— |
5.4.0.2 - 5.4.0.9 |
9.3(3.8) and later 9.4(2) and later 9.5(1.5) and later 9.6(1) and later |
— |
6.0.0.x |
9.4(2) and later (no ASDM management or captive portal) 9.5(1.5) and later (captive portal in 9.5(2) and later) 9.6(1) and later |
7.5(1.112) and later |
6.0.1.x |
9.4(2) and later (no ASDM management or captive portal) 9.5(1.5) and later (captive portal in 9.5(2) and later) 9.6(1) and later |
7.6(1) and later |
6.1.x.x |
9.5(2) and later 9.6(1) and later |
7.6(2) and later |
Please see last three tables
http://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html.
I would suggest to first upgrade ASA and re-image firepower to 6.0 or later as this is a new appliance. Please see link below
http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html
The you can follow below link for on-box management
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
01-18-2017 01:41 AM
Okay I will try this steps. But I'm scared since this Firewall is already production and not sure if they will allow downtime.
Anyway, Thank you so much for your response. I will update you once I successful do this. Wish me luck. :)
01-18-2017 01:44 AM
Another thing, can I also use this step if my Firewall is 5506-x?
01-18-2017 01:54 AM
yes you can.However the software requirements may change for 5506. Please see link that I already shared
http://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html
01-18-2017 02:00 AM
Okay, Noted. Thank you so much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide