Solved: Reimage the Firepower 2100 Series to an ASA Image

eblandon · ‎09-18-2017

Hi All;

There is Cisco Firewpower 2110 however is not going into dpeloyment due to the fact that it does not support multicontext at this stage.

We are thinking in going to use the 2110 with an ASA image and run it like that for a while till the multicontext capability is available on the Cisco Firepower 2110.

What is the best way to do this and what image from ASA would be the best to use on this scenario where I would be able to support multicontext with the new ASA image.

I have a look at this link : https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html?dtid=osscdc000283#id_57089

However I would like to know what is the best ASA image that I can use and what would be the best process moving forward. Additionally , is there any timeline for multicontext to be supported on Firepower 2110?

Thank you.

Enrique.

Marvin Rhoads · ‎09-19-2017

As of right now, ASA 9.8.2 (file name cisco-asa-fp2k.9.8.2.SPA) is the only release available for the Firepower 2100 series appliances.

It can be found here:

https://software.cisco.com/download/release.html?mdfid=286312080&flowid=82688&softwareid=280775065&release=9.8.2&relind=AVAILABLE&rellifecycle=&reltype=latest

Multiple context support release date has not been announced. The only thing I thinks it's safe to say for now is that it won't be available in 2017.

Unless you have a requirement for true multitenancy and/or overlapping subnets, you can often accomplish similar things with security zones on FTD that used to require multi-context on the ASA.

View solution in original post

Marvin Rhoads · ‎09-19-2017

As of right now, ASA 9.8.2 (file name cisco-asa-fp2k.9.8.2.SPA) is the only release available for the Firepower 2100 series appliances.

It can be found here:

https://software.cisco.com/download/release.html?mdfid=286312080&flowid=82688&softwareid=280775065&release=9.8.2&relind=AVAILABLE&rellifecycle=&reltype=latest

Multiple context support release date has not been announced. The only thing I thinks it's safe to say for now is that it won't be available in 2017.

Unless you have a requirement for true multitenancy and/or overlapping subnets, you can often accomplish similar things with security zones on FTD that used to require multi-context on the ASA.

eblandon · ‎09-26-2017

Thank you Marvin for the answer , very helpful .

I would like to confirm that if I use the ASA image on my 2100 Applicance I will not be able to use the FTD licences Malware and Threat , that I have got on my original purchase?

Let me know if I am correct.

Enrique.

Marvin Rhoads · ‎09-26-2017

Correct.

Firepower appliances (2100, 4100 or 9300 series) running ASA image (also known as logical device) does not support the Firepower service module and thus cannot use either any of the Threat (IPS), URL or Malware FTD-type licenses. The same goes for Firepower service module Control + Protect licenses as well.

You basically have a really fast ASA without any of the NGIPS features.

asafirepower · ‎04-18-2018

Marvin,

Has this changed at all that the Firepower 2100 running ASA still can't do Threat(IPS), URL or Malware?

Marvin Rhoads · ‎04-18-2018

@asafirepower

That hasn't changed and it won't be changed. The ASA image will only ever have base ASA features.

FTD is the unified image and that's where everything will be merged going forward.