05-07-2016 09:43 AM - edited 03-12-2019 12:43 AM
Hello there,
I have Cisco ASA 5515-x version 9.2
But
From the show module command,
It would be better for me to run it in ASA
If it is to be installed
Thank you in advance.
Solved! Go to Solution.
05-07-2016 10:07 AM
Your ASA 5515-X is running the minimum version necessary to support the FirePOWER (sfr) module. The module is also running the initial release of FirePOWER software for ASA module-based FirePOWER.
With that combination of ASA and FirePOWER software on your appliance, you are required to use an external FirePOWER Manager to manage the module (create policies, apply licenses, monitor event etc.)
As of ASA 9.5(1) and FirePOWER 6.0 you have the option to do most of the same functions via ASDM. You would need to upgrade both the ASA (and ASDM) and FirePOWER module to accomplish that.
In either case you would need the Protect and URL Filtering licenses for the FirePOWER module.
The Quick Start Guide is here: http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
Also see the excellent Lab Minutes vidoe guides for FirePOWER: http://labminutes.com/video/sec/ASA%20FirePower
The ASA and ASDM Software is here:
https://software.cisco.com/download/type.html?mdfid=284143128&flowid=31442
FirePOWER module software is here:
https://software.cisco.com/download/release.html?mdfid=286271171&flowid=77243&softwareid=286277393&release=6.0.1&relind=AVAILABLE&rellifecycle=&reltype=latest
To run FirePOWER Management Center VM, that software is here:
https://software.cisco.com/download/release.html?mdfid=286259687&flowid=54052&softwareid=286271056&release=5.4.1.6&relind=AVAILABLE&rellifecycle=&reltype=latest
All of the above links require a cisco.com userid with entitlement (support contract) to download the software.
05-09-2016 05:49 AM
To do it manually is possible without URL filtering license but much more laborious.
First define the URLs you want to block. Objects > Object management > URL then add the one at a time.
Now that you have the objects defined, build an Access Control policy using them.
Policies > Access Control > New Policy. The Add Rule and choose from the URL tab and sub-tab to pick the objects you created earlier.
This is all in addition to any other Access Policy elements, Network Discovery policy etc.
05-07-2016 10:07 AM
Your ASA 5515-X is running the minimum version necessary to support the FirePOWER (sfr) module. The module is also running the initial release of FirePOWER software for ASA module-based FirePOWER.
With that combination of ASA and FirePOWER software on your appliance, you are required to use an external FirePOWER Manager to manage the module (create policies, apply licenses, monitor event etc.)
As of ASA 9.5(1) and FirePOWER 6.0 you have the option to do most of the same functions via ASDM. You would need to upgrade both the ASA (and ASDM) and FirePOWER module to accomplish that.
In either case you would need the Protect and URL Filtering licenses for the FirePOWER module.
The Quick Start Guide is here: http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
Also see the excellent Lab Minutes vidoe guides for FirePOWER: http://labminutes.com/video/sec/ASA%20FirePower
The ASA and ASDM Software is here:
https://software.cisco.com/download/type.html?mdfid=284143128&flowid=31442
FirePOWER module software is here:
https://software.cisco.com/download/release.html?mdfid=286271171&flowid=77243&softwareid=286277393&release=6.0.1&relind=AVAILABLE&rellifecycle=&reltype=latest
To run FirePOWER Management Center VM, that software is here:
https://software.cisco.com/download/release.html?mdfid=286259687&flowid=54052&softwareid=286271056&release=5.4.1.6&relind=AVAILABLE&rellifecycle=&reltype=latest
All of the above links require a cisco.com userid with entitlement (support contract) to download the software.
05-08-2016 08:31 AM
Hello Marvin,
Thanks a lot for your input. I did the task as you have suggested and it was quite fruitful.
We have installed the firepower management center in our
Both are
My requirements are simple and all
05-08-2016 08:39 PM
You need to register your FirePOWER module to FireSIGHT. That is a prerequisite. the Quick Start Guide describes how to do so.
You will also need to apply both the control license and purchase and apply the URL filtering license.
Once you have done so, you can use URLs in your Access Policy and deploy that to the managed and licensed FirePOWER modules.
05-08-2016 09:10 PM
Hi Marvin,
The thing that is bothering me is
05-08-2016 10:21 PM
Hi Marvn,
To be precise,
I want to
05-09-2016 05:49 AM
To do it manually is possible without URL filtering license but much more laborious.
First define the URLs you want to block. Objects > Object management > URL then add the one at a time.
Now that you have the objects defined, build an Access Control policy using them.
Policies > Access Control > New Policy. The Add Rule and choose from the URL tab and sub-tab to pick the objects you created earlier.
This is all in addition to any other Access Policy elements, Network Discovery policy etc.
05-11-2016 12:59 AM
Hi Marvin,
I have installed "Sourcefire_Defense_Center_Virtual64_VMware-5
Now
What is difference between
Can you please explain me the whole thing? Sorry for
Thank you in advance.
05-12-2016 10:15 AM
Hello Diwakar,
The answer to your first question is , the engineer must have meant to upgrade the Defence Center (Firesight Management Center ) from existing version of 5.3.1 to 5.4.1.6 which is latest available and stable version . By SFR he means the Firepower device or Firepower SFR module that you have integrated with the ASA firewall. It depends on you what kind of Firepower you have . Verify what kind of Firepower you have like if its a Firepower hardware device or sfr module.
If you have a DC in 5.3.1 version , you just have to upgrade the DC to 5.4 directly. This is a base image FireSIGHT Virtual Defense Center for VMware Package Installer to start the fresh installation from 5.4.0. and then update the patch Sourcefire 3D Defense Center S3 Upgrade 5.4 .
Refer the following release notes for 5.4 upgrade steps and procedures.
http://www.cisco.com/c/en/us/td/docs/security/firesight/540/relnotes/FireSIGHT-System-Release-Notes-v5-4.html#pgfId-51290
5.4 is a major release upgrade due to which it has an installer file as well as a patch.Since you have a 5.3.1 already , you just need to use the patch Sourcefire 3D Defense Center S3 Upgrade 5.4 and update it..
Rate if this post helps you.
Regards
Jetsy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide