11-30-2017 04:28 AM - edited 02-21-2020 06:52 AM
Hi all
I'm in the process of upgrading the firepower software on a Cisco 5525-X. I have updated the boot firmware to 6.2.2. Once I get into the module using the module sfr command i then enter setup to configure the ip address for the firepower module.
My question is, what physical interface on the firewall is this ip address binded to? does the firepower ip address have to be in the same subnet as the inside interface ip? Once i can get the firepower talking to filezilla server, i can then upgrade the rest.
Thanks
11-30-2017 04:52 AM
11-30-2017 06:01 AM
Thanks for the answer. I shall give it a go.
12-01-2017 07:02 PM
hi,
the FP module logical eth0 interface is binded to the ASA chassis management0/0 interface.
both the FP module interface and ASA management interface can be on the same subnet (for IP design ease) BUT the management functions are separate. meaning, you SSH/ASDM to ASA management0/0 IP while you use the FP module IP for FMC device registration.
here's a useful link for the ASA FP module upgrade process.
http://ccnpsecuritywannabe.blogspot.com/2017/09/cisco-asa-firepower-module-upgrade.html
12-02-2017 07:20 AM - edited 12-02-2017 06:32 PM
@johnlloyd_13 note that the question was about the 5585-X. Those are a bit different in that they use a hardware module. As Micke noted, connectivity is via interface management 1/1 - e.g. the interface on the Firepower SSP module in slot 1.
(corrected information below - Thanks John)
12-02-2017 05:57 PM - edited 12-02-2017 05:58 PM
hi marvin,
OP said it was for a 5525-X. look closely further above :)
"I'm in the process of upgrading the firepower software on a Cisco 5525-X."
12-02-2017 06:31 PM
Oh - sorry about that John. You are right. Time to get my glasses checked. :)
On the ASA 5525-X the Firepower module indeed uses interface Management 0/0. That applies to the 5512-X, 5515-X, 5525-X, 5545-X and 5555-X.
On the 5506-X, 5508-X and 5516-X they number the sole management interface "Management 1/1".
The 5585-X has two management interfaces - Management 0/0 on the base ASA and Management 1/0 on the SSP. The latter is used for the Firepower SSP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide