Hello Sir,

I have updated the versions but i am getting some error while take access to Cisco ASA5516 throw ASDM.

PLease find attched error screenshot.....

If your ASDM is telling you that, then either do as it instructs or else upgrade your local Java to the current version.

More troubling though is that you must not have setup the FirePOWER module for FMC management.

A given module is managed by either FMC or ASDM - never both.

If you follow the Quick Start Guide, it tells you when setting up the FirePOWER module to "configure manager add" as described here:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-139815

Once you do that (and add the device in the manager as well) it will register as externally managed and ASDM will only show the high level module status (and not have to communicate with the module via https which is why you got that error). All FirePOWER policies and events will be created on, deployed from and seen at the FMC.

Hello,

After installed Java same issue we are facing,

Please help to how to resolved the issue...

I had said the more important thing is to setup your module for managment by the FirePOWER 1000.

Have you done that? If not, why not?

Hi Marvin,

thanks for your [rompt resposnse ,

Please share the steps to add the firepower module to FMC 1000 , It would be great if can confirm the port to be opened between FMC and Firepower .

Regards

Sachin

Please read the Quick Start Guide that I posted earlier in this discussion to add your module to the FMC.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-139815

The communications between the module and the management center occurs via tcp/8305 and if there are any ACLs they must allow the communications to be initiated in both directions.

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/security_internet_access_and_communication_ports.html#ID-2202-000000dc

Hello,

Thanks a lot, Finally i have upgraded my Firepower manager and also upgraded firepower module with ASA.

After that i have sync my ASA Firepower module with my Firepower manager.

Now Can you please confirm and guide us, How FMC will automatically take and updates license, Rules, Patches, Signatures….?

  How can we configure throw GUI base…?

Please refer to the configuration guide which I linked earler. It has a whole section just on updates:

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/system_software_updates.html

There are step by step instructions there and it is all via the GUI.

thanks for your Prompt resposnse.

Firepower module has been installed and sync on FMC. but we are getting one error ‘’  Interface 'DataPlaneInterface0' is not receiving any packets ‘’

So Please guide me what is Data Plan Interface0 and how to resolved the error.

Please find attached error screenshot....

DataPlaneInterface0 is the internal connection between an ASA and its FirePOWER module. 

We most commonly see that error in two cases:

1. If the steps to "Configure the ASA Security Policy" (as directed in the quick start guide linked earlier) are not followed. Unless that is done, the module receives no traffic and the alert results.

2. In an HA pair the Standby unit will not be passing traffic through its interfaces. This case is normal and requires no action. 

Hello Marvin,

Thanks for your promt support....

Please help with the license detail required with FMC 1000 to manage IPS services of NGFirepower .

is there any separate license required for FMC 1000 to manage the IPS or by default came with the hardware.

Regards

Sachin 

The FMC 1000 itself has a right-to-use license (i.e. no PAK or license file needed).

Any devices you manage with it require their own licenses (Control+Protect, URL, Malware) to be added to the FMC 1000. For that you use the license page on the FMC 1000 GUI to get the key and then combine it with the device license PAK on the Cisco licensing portal to get a license file. The content of that file is then pasted into the licensing page.

Once you have the device licenses there you assign them to your registered devices via the Device Management page in FMC.

The ASA update process is very buggy and needs a redesign. each step is very version focused and needs a re-loook IMHO

my FMC is 6.2.2

TAC sent me  an SFO conversion file to migrate to FTD

it was run on a 6.2.2.1 VM 

my FMC VM reject this version as being incompatible.

i'm trying to update the FMC to 6.2.2.1 and am stuck.

i have the .SH patches, but the FMC vm does not accept them

the cisco document is NOT clear on how to apply the .SH patch

please advise