Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3134
Views
20
Helpful
12
Replies

Reimage Cisco ASA 5508-x from FTD to ASA

tbry681027971
Level 1
Level 1

‎05-05-2020 07:48 AM

Hi everyone

 

I have a Cisco ASA 5508-x with Cisco Firepower Threat Defense to configure. I've found on the internet that by default Firepower Device Manager is the main admin configuration interface. 

I wanted to access Cisco ASA CLI and maybe the web management interface. From what I saw, we need to reimage the firewall to installa Cisco ASA iOS.

However I would like to make sure that I won't lose the licence given with the hardware if I do that.

Besides I got the CCNA certification and I wonder if I am entitled to access ressources such as Cisco iOS.

 

I hope someone can help me

 

0 Helpful
12 Replies 12

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-05-2020 09:53 AM

If you change to ASA image your Firepower licenses will be not applicable as they only apply to the current FTD image.

Having any Cisco certification does not grant you any entitlement to download Cisco software images. For that entitlement you need a support contract.

Michael ONeil
Level 1
Level 1

‎05-07-2020 09:35 AM

The FTD does have a CLI interface.

From the SSH session to the FTD, run system support diagnostic-cli

hit enter if you get prompted for a password

With this CLI access to the FTD you can ONLY run show commands, packet-tracer, debug, captures etc

then to exit, just type exit several times to get back to the SFR prompt

 

The FDM is accessed via https://<management ip>

FDM is basic management, while FMC is more feature rich.

0 Helpful

tbry681027971
Level 1
Level 1
In response to Michael ONeil

‎05-08-2020 10:21 AM

Hello

I’ve already tried these command but I did not enables me to configure the firewall.
I saw some thins about FMC. Do you know where I can download this and how do I have to proceed for the installation?

From what I saw, FMC is more useful when we have a lot of firewall to manage. In my case there’s only one.

Thank you
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tbry681027971

‎05-08-2020 10:56 PM

FMC is not free. It requires purchasing a license. Only with a purchased license will you be entitled to download and use it.

If you are just managing one small ASA with FTD image, then the free on-box FDM is usually sufficient for 90%+ of the use cases.

0 Helpful

tbry681027971
Level 1
Level 1
In response to Marvin Rhoads

‎05-09-2020 04:53 AM

I have to configure three xDSL WAN access and I didn’t find any option to set a PPPoE interface.
I also have to set up VPN access and I did not find these option too.

Is it possible to do this with FDM ?
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tbry681027971

‎05-09-2020 05:08 AM - edited ‎05-09-2020 05:10 AM

PPPoE support for FDM was added in version 6.6.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-interfaces.html#concept_92B885383C1C41E18EF091FFBB4E1569

Any earlier versions require using FMC.

Here you can see it in the FDM interface configuration on an FTD 6.6 device:

FDM PPPoEFDM PPPoE

tbry681027971
Level 1
Level 1
In response to Marvin Rhoads

‎05-09-2020 05:32 AM

I just checked my version it is 6.2.3-83.
Is it possible to update the firewall to the 6.6 ?
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tbry681027971

‎05-09-2020 05:57 AM

As already noted in the first reply to this thread - a support contract will entitle you to download images (including upgrades).

The 5508-X does support version 6.6:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/relnotes/firepower-release-notes-660/compatibility.html#id_107242

0 Helpful

tbry681027971
Level 1
Level 1
In response to Marvin Rhoads

‎05-09-2020 06:38 AM

Ok thank you very much.
I just don’t understand why shall I have to subscribe a contract for a just unboxed product.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tbry681027971

‎05-09-2020 07:42 PM

Cisco's (and most other major networking vendors') business model is primarily designed around selling to enterprises. Part of that model is that services and software updates are obtained via a paid support contract.

It can be frustrating to the individual user but it's been that way for decades and not likely to change anytime soon.

0 Helpful

tbry681027971
Level 1
Level 1
In response to Marvin Rhoads

‎05-10-2020 12:48 AM

Ok I understand.
Do you know how I can subscribe to a paid support ? I did not find anything on Cisco website.
My Cisco Smart Account is pending approval
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tbry681027971

‎05-10-2020 05:45 AM

Cisco doesn't sell it directly to the public. Both individuals and companies purchase via Cisco distributors and partners.

The SKU (Stock Keeping Unit AKA part number) for an ASA 5508-X with FTD image is "CON-SSSNT-ASD5508F", a support contract available in 1-, 3- or 5-year terms. It provides software image entitlement as well as 24-7 Cisco TAC support and hardware support.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card