Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1993
Views
0
Helpful
3
Replies

Lost FirePOWER after updating ASA and ASDM

drwhq
Level 1
Level 1

‎12-03-2018 05:05 AM - edited ‎03-12-2019 07:08 AM

Hi there,

 

I have recently updated ASA to 9.10(1) and ASDM to 7.10(1) on a 5512-X with FirePOWER Services.

Following the update I noticed that the FirePOWER tab in ASDM was missing. Also, in FireSIGHT management center, I got a Appliance Heartbeat notification that the firewall is not sending heartbeats.

 

I tried figuring out was was going on but after a couple of days of googling I have given up. At first I wanted to check whether the FTD service was started but it seems like it isn't installed on the firewall anymore. I check by listing the module services.

I then tried updating the Management Center (VM) as much as I could, thinking there might be a version conflict. That didn't help either.

 

I hope someone can point me in the right direction to get this operational again. Here are a few screenshots of what versions are in use:

 

 

 

 

ASA_File_Management.pngFireSIGHT_Management_Center.png

 

 

 

Labels:
Preview file
70 KB
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-03-2018 05:23 AM

Please refer to the release notes for ASA 9.10(1):

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/release/notes/asarn910.html#reference_qy2_c4j_xdb

 

"No support in 9.10(1) for the ASA FirePOWER module on the ASA 5506-X series and the ASA 5512-X—The ASA 5506-X series and 5512-X no longer support the ASA FirePOWER module in 9.10(1) and later due to memory constraints. You must remain on 9.9(x) or lower to continue using this module. Other module types are still supported. If you upgrade to 9.10(1), the ASA configuration to send traffic to the FirePOWER module will be erased; make sure to back up your configuration before you upgrade. The FirePOWER image and its configuration remains intact on the SSD. If you want to downgrade, you can copy the ASA configuration from the backup to restore functionality."

0 Helpful

drwhq
Level 1
Level 1
In response to Marvin Rhoads

‎12-03-2018 05:46 AM

Hi Marvin,

Thanks for the quick response. Are we SOL when it comes to running FirePOWER and using the latest software versions?

Are there any alternatives? How about if we replaced the ASA software running on the firewall with the other type (I can't remeber exactly what it is called)? Gotta ask this as well, would physically upgrading the memory on the firewall allow us to continue using FirePOWER with ASA software version 9.10?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to drwhq

‎12-03-2018 05:56 AM

You're welcome @drwhq

 

Cisco won't allow ASA software 9.10(1) to co-exist with an active Firepower service module on the 5506-X or 5512-X. It's due to the upcoming Firepower 6.3 release.

 

That applies whether it's a Firepower service module running on top of ASA software or if it's an ASA appliance imaged with Firepower Threat Defense (FTD) software. In the latter case, 6.2.3.x will be the last supported release on those platforms.

 

Memory is not upgradable on those appliances.

 

So - yeah - "SOL".

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card