Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
911
Views
5
Helpful
2
Replies

Re-Installing Firepower on ASA

HimeshGohil
Level 1
Level 1

‎08-25-2021 03:05 AM

I've got issues with a Firepower Module on our system and will be re-installing it.

I've researched the method and I've never done this before and would appreciate a sanity check to see if I'm missing anything before I go ahead and submit the change documents

 

Our setup is

Four ASA 5555-x with Firepower configured as two separate active/passive failover pairs

ASDM for ASA management

FMC 6.0 for Firepower management

 

High level plan

Collect the following info

Hostname =

Network Address =

Subnet Mask =

Gateway =

DNS Servers =

Local Domain Name =

Search Domain =

NTP Server =

Issue the command show summary and make note of the result

 

Ensure the ASA and Firepower is in fail open mode

Ensure the node I'm working on is the standby

Remove the Module form the FMC

Shutdown and remove the FP module

Install a new (supported in the ASA and FMC matrix) image

"Mount" and config the SFR

Install the relevant software package

config the SFR

Add the FP module back into the FMC

 

Does this sound solid?

Is there any more info I should collect to ensure it's all smooth? Maybe licences?

Will adding the Module back into the FMC reload the policies or is there additional config I will need to do once I do so?

 

I have the process fully documented. If anybody is interested in seeing it I'm happy to share although I'm not planning to post it here as this post is quite long already.

 

Thanks in advance

0 Helpful
2 Replies 2

Chakshu Piplani
Cisco Employee
Cisco Employee

‎08-25-2021 04:14 AM

Small advise, You can edit the IP and rename the dead SFR on FMC, instead of deleting it completely from the FMC, also remove the licenses for it via FMC, by editing the existing device, and unchecking the licenses.

image.png

 

But dont delete it from FMC, as you might want to refer to the old SFR for zone mapping etc.

Licenses for SFR are classic licenses so that would remain on the FMC, under system--> licenses, since you are re-imaging it, the mac address would remain same.

You can delete the old one in there once you are satisfied with the new one working.

 

Regards,

Chakshu

 

Do rate helpful posts!

HimeshGohil
Level 1
Level 1
In response to Chakshu Piplani

‎08-25-2021 05:46 AM

Thank you Chakshu, that's a really good tip.

I'll add that to my plan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card