Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
790
Views
0
Helpful
2
Replies

Issue installing FirePOWER module on ISA3K

hpegram
Cisco Employee
Cisco Employee

‎05-14-2019 08:55 AM - edited ‎02-21-2020 09:07 AM

The FirePOWER module on ISA3K was working fine, but the upgrade to 6.2 from the FMC failed. I then followed the process of installing a fresh sfr module image on the ISA itself (with the sw-module module sfr recover configure image disk0:/<file> and sw-module module sfr recover boot process) but it never successfully finishes:

 

Mod-sfr 430> Starting Advanced Configuration and Power Interface daemon: acpid.
Mod-sfr 431> acpid: starting up with proc fs
Mod-sfr 432> acpid: opendir(/etc/acpi/events): No such file or directory
Mod-sfr 433> starting Busybox inetd: inetd... done.
Mod-sfr 434> Starting ntpd: done
Mod-sfr 435> Starting syslogd/klogd: done
Mod-sfr 436> ***
Mod-sfr 437> *** EVENT: The module is shut down.
Mod-sfr 438> *** TIME: 15:00:02 UTC May 14 2019
Mod-sfr 439> ***
ISA3K# session sfr console
ERROR: Failed opening console session with module sfr. Module is in "Down" state.
Please try again later.

ISA3K# sw-module module sfr reset

Unable to reset Module sfr, it does not have a software image installed.

 

I've retried several times with several different versions of the module. Any ideas?

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-14-2019 10:57 PM

Cisco doesn't list Firepower 6.2 as a compatible release for the ISA 3000 (according to this matrix):

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_59075

Also the downloads page only shows 5.4, 6.3 and 6.4 as available:

https://software.cisco.com/download/home/286288493/type/286277393/release/6.3.0.3

However 6.2.3 is listed in the release notes as compatible:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/623x/relnotes/Firepower_Release_Notes_623x/platforms_and_environments.html

I suspect something has been found to be problematic with ISAs and 6.x prior to 6.4 but I can't find that documented anywhere. Perhaps you should open a TAC case and ask them to confirm.

0 Helpful

hpegram
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎05-15-2019 06:31 AM

Thanks for the feedback, Marvin. I've tried 5.4, 6.3, and a bunch of other releases as well with no success. I have other ISA3ks running 6.2 so maybe this box is defective. Appreciate the help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card