Hello Marvin!

Thanks for your support.

Do I have to add both as host?

How can I group they?

Thanks

Marcio

Hosts means end user systems in FirePOWER terms.

We add ASA FirePOWER modules (and standalone FirePOWER appliances) as devices.

Once you have added, registered and licensed the FirePOWER modules, there is an option on the device management page to create a group and add the devices to the group.

Marvin,

I have 05 devices on my device manager list, but when I try to add to group the list os available devices is empty. I can´t select.

Do you know why?

What is the difference between group and H.A in the options available?

Thanks

I have 02 ASA 5555 in HA alredy working and in the device manament list on FP appear only one device, I can´t add the secundary, because they are using the same MGMT´s IP address of the primary.

How can I add the secundary or make this HA work in the FP?

Today if the primary goes down, the FP don´t recognize the secondary ASA

Each ASA FirePOWER must have a unique management IP address.

Those unique addresses and the licenses applied to them make them eligible for management and deployment of policies from the FirePOWER Management Center.

When I stall and made the upgrade, I add a unique address in each ASA, after that, I configured the HA and now, for some reason that I have no Idea why, only the address of the primary ASA is showing.

The IP that I configured in the secondary, seems disapear, because I can´t ping they.

It is possible to configure again this IP in the secondary again without unconfigure the HA?

Marcio,

Yes - the ASA High Availability pair (running the classic ASA software) is really independent of their respective FirePOWER modules.

You can reconfigure the network settings in the second unit's FirePOWER module from the module's cli as follows:

configure network ipv4 manual <ipaddr> <netmask> [gw] [interface]

It is possible to configure by SSH?

I´m trying to see the informations by SSH, even using failover exec standby "command", I can see only the information of primary.

How can I access the Firepower module of secondary using SSH?

Thanks

Hello Marico,

If you need to enter the Firepower ssh from ASA  , you can use the following command from the ASA login session.

# session sfr console

Rate if the post helps you

Regards

Jetsy 

Jetsy,

Thanks for your support

This command I alredy did, even when I use the "failover exec standby" before the comand, they enter in the Firepower module of the primary and not the secundary as I need.

You cannot do the above via the "failover exec standby" method.

You need to log into the secondary unit directly to enter the sfr module via a console session and modify its configuration.

If you don't have any standby interface addresses or a management interface configured then you need to go in via the ASA console port.

Marvin,

Was possible to change the configuration by CLI, I just made the failover, change from primary to secondary.

Now is working, thanks