Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1573
Views
0
Helpful
2
Replies

Reimage a firepower SFR module on ASA 5585-X without console access?

Chess Norris
Level 4
Level 4

‎05-25-2021 07:29 AM - edited ‎05-25-2021 07:31 AM

Hello,

We have a firepower sfr module that we can't access via ssh or via the ASA cli and I suspect that we need to do a reimage.

I have done reimage of sfr modules on smaller ASA models before, but I believe it's a bit different on the ASA 5585-X. The sfr module is hardware based on the 5585-X vs software based on other asa models. 

When checking the installation guide, it looks like it's possible to install a new sfr module on the 5585-X without the need of console access, but I also read the following regarding reimage.

  • In order to completely reimage the SFR module on an ASA 5585-X, you must use the management Ethernet interface and a console session on the serial management port, which are on the SFR module and separate from the ASA's management interface and console.

So it looks like a serial consol connection is necessary. If someone can point me to a reimage guide for the sfr module on a 5585-X it would be greatly appreciated.

 

Thanks

/Chess

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-25-2021 08:23 AM

It's 95% the same as remaging on a software module that the other ASA hardware appliance models use.

The difference is that, where we can just session into the console from the ASA cli on other models, we have to physically connect to the Firepower SSP module on a 5585-X. It also needs to use its management interface to copy the system images.

0 Helpful

Chess Norris
Level 4
Level 4

‎05-26-2021 01:44 AM

Thanks Marvin,

The thing that are a bit confusing though, is that I  can use the "session 1" command from the ASA 5585-X to access the module directly from the ASA cli. But do you mean that even if we can access the module with the session 1 command, we still need serial console access in order to do the reimage? Below is the output when using the "session 1" command to access the the module from asa cli:

  EXTFW-02/sec/stby# session 1
Opening command session with module 1.
Connected to module 1. Escape character sequence is 'CTRL-^X'.

FP2 login:

 

Thanks

/Chess

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card