Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
2
Replies

upgrade firepower running within asa inbuilt

Go to solution
evan.chadwick1
Level 1
Level 1

‎04-29-2016 12:56 PM - edited ‎03-12-2019 05:59 AM

I have a 5506-x running 9.5.1 asa and 5.4.1 sfr.

I had't used it for a while and ran the configure manager command from the sfr cmd line. I read that the DB variable for sfr running within a 5506 can become corrupted. It seems it has as it won't register with my asa now. 

If I go to configure>local>register it is stuck on pending registration. Same on the sfr cmd line.

This is a device I got through a course within a year still. Does this mean one is not allowed to ever upgrade it or download the install images? can I register it to my account?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎04-30-2016 03:39 AM

Hi

When you use configure manager on SFR , it expects to register to a firepower management center aka Defense center.

See this article .

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-configure-firesight-00.html

So once you configure manager address in sfr , you need to finish the registration process in the separate manager as well.

If you are not running a separate management center , then I believe you  want to manage both ASA and SFR module using ASDM.

You can do that but for that you don't need to configure manager. So if you are doing that , please delete the manager using "configure manager delete " command and make sure the PC running ASDM can reach sfr module and vice-versa.

Check this article to make sure you are running of the scenarios.

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html#scenario1

Check this article to know more about how can you use ASDM to manager Firepower /SFR module

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541.html

Rate if it helps.

Yogesh

View solution in original post

0 Helpful
2 Replies 2

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎04-30-2016 03:39 AM

Hi

When you use configure manager on SFR , it expects to register to a firepower management center aka Defense center.

See this article .

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-configure-firesight-00.html

So once you configure manager address in sfr , you need to finish the registration process in the separate manager as well.

If you are not running a separate management center , then I believe you  want to manage both ASA and SFR module using ASDM.

You can do that but for that you don't need to configure manager. So if you are doing that , please delete the manager using "configure manager delete " command and make sure the PC running ASDM can reach sfr module and vice-versa.

Check this article to make sure you are running of the scenarios.

http://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html#scenario1

Check this article to know more about how can you use ASDM to manager Firepower /SFR module

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541.html

Rate if it helps.

Yogesh

0 Helpful

Go to solution
evan.chadwick1
Level 1
Level 1
In response to yogdhanu

‎05-01-2016 04:56 PM

Thanks, I figured so. 
Running the configuration manager command on an inbuilt asa/sfr seems to be not a good idea. As it prevented me from upgrading the box easily via asdm. 

Pushing out the upgrade from asdm continually had an issue as it kept saying sfr is in registration mode. Deleting via the config manager delete command would't work either. 


So down the rode of uninstall, boot image, pkg deployment it was. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card