Re: Missing Firepower Configuration Tab in ASDM

limlayhin · ‎03-19-2019

I just recently install Firepower module into my pair of HA Cisco ASA 5525-X.

In my secondary firewall (it was my active firewall yesterday), I was able to access Firepower configuration Tab yesterday but today the tab is missing. I can only see "Firepower Status" Tab but cannot see "Firepower Dashboard" and "Firepower Reporting" Tab.

In Configuration panel, "Firepower Configuration" also missing.

I understand from other forum topic that this may be due to Java version issue. My java is running on latest version, which is version 8.

Strange thing is, my ASA is runnning on HA, and I am able to view all the Firepower tab in my primary firewall but not my secondary firewall. As such, I think Java is working fine in my client machine.

I tested using another client machine, same result. Primary firewall is OK but secondary firewall can't see all Firepower configuration tab.

Any help will be greatly appreciated.

Thanks..

limlayhin · ‎03-19-2019

ASA version 9.9.2-40.

Firepower version 6.2.3-83

Abheesh Kumar · ‎03-19-2019

hi,
You are able to view the configuration tab on Active Firewall right...
I think on the secondary configuration tab may not be appear as the configuration need to synced from the active one.

Hope This Helps
Abheesh

Marvin Rhoads · ‎03-19-2019

Compare the output of "show module sfr detail" on both the Active and Standby ASA.

Ensure that the physical management interface is up/up on the switch where the Standby ASA connects.

limlayhin · ‎03-25-2019

This is great info.

I found that in the Active Firewall, I can see management ip.

show module sfr details
Getting details from the Service Module, please wait...

Card Type: FirePOWER Services Software Module
Model: ASA5525
Hardware version: N/A
Serial Number: <removed>
Firmware version: N/A
Software version: 6.2.3-83
MAC Address Range: 88f0.3127.78ec to 88f0.3127.78ec
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 6.2.3-83
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: No DC Configured
Mgmt IP addr: 192.168.xx.xx
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 192.168.xx.xx
Mgmt web ports: 443
Mgmt TLS enabled: true

In my Standby firewall, the Management IP is missing.

show module sfr details
Getting details from the Service Module, please wait...
Unable to read details from module sfr

Card Type: FirePOWER Services Software Module
Model: ASA5525
Hardware version: N/A
Serial Number: <removed>
Firmware version: N/A
Software version: 6.2.3-83
MAC Address Range: 88f0.3127.42ff to 88f0.3127.42ff
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 6.2.3-83
Data Plane Status: Up
Console session: Ready
Status: Up

I login via session sfr, and I can see IP in eth0

> show interfaces eth0
----------------------[ eth0 ]----------------------
Physical Interface : eth0
Type : Management
Status : Enabled
MDI/MDIX : Auto
MTU : 1500
MAC Address : 88:F0:31:27:42:FF
IPv4 Address : 192.168.xx.xx
IPv4 Broadcast : 192.168.xx.255
RX Packets : 46383
RX Errors : 0
RX Drops : 0
RX Overruns : 0
RX Frame : 0
TX Packets : 79206
TX Errors : 0
TX Drops : 0
TX Overruns : 0
TX Carrier : 0
Collisions : 0
----------------------------------------------------

How can I make the interface eth0 ip appear in management ip?

Abheesh Kumar · ‎03-26-2019

Hi,
Check the physical management interface of the secondary firewall is connected and up. also try reloading the sfr module and check.
sw-module module sfr reload

Hope this helps
Abheesh

limlayhin · ‎04-01-2019

Management interface is up, I can ping the ip address.

Login to session sfr console, run "system reboot". After that, the situation is still the same.

limlayhin · ‎04-01-2019

I am thinking to run "sw-module module sfr recover".
Is it mandatory for me to run "system install pkg_file" after running the recover command?