09-22-2017 04:09 AM - edited 02-21-2020 06:20 AM
Hello!
So I am in the proccess of getting the FirePower up and running on our firewall pair.
As I have basically no experience with FirePower, I am facing some problems and questions that I have not been able to find the right answers. So, here goes:
1. Is it a must to have a SSD drive in the ASA?
fw-A5512-r5/pri/act# show inv
Name: "Chassis", DESCR: "ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC"
PID: ASA5512 , VID: V06 , SN: FTX
Name: "Storage Device 1", DESCR: "Model Number: Micron_M600_MTFDDAK128MBF"
PID: N/A , VID: N/A , SN: MSA
2. We have not purchased any licenses, we only have the CTRL license that came with the device. Still, I am unable to use it as I can't get the module to show up in the ASDM to generate a license key from the PAK. Which licenses are essential to use FirePower?
3. The device came with the boot file, but as we did not purchase any support services, I am unable to download the .pkg system file - is that the reason why the sfr module is stuck in recover mode? I have tried uninstalling it and booting it, I can access the module console and run the setup command, but that is all.
fw-A5512-r5/pri/act# show module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5512 FCH211879K4
ips Unknown N/A FCH
cxsc Unknown N/A FCH
sfr Unknown N/A FCH
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 70df.2f32.3bea to 70df.2f32.3bf1 3.1 2.1(9)8 9.8(1)
ips 70df.2f32.3be8 to 70df.2f32.3be8 N/A N/A
cxsc 70df.2f32.3be8 to 70df.2f32.3be8 N/A N/A
sfr 70df.2f32.3be8 to 70df.2f32.3be8 N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
cxsc Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Unresponsive Not Applicable
sfr Recover Not Applicable
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
fw-A5512-r5/pri/act# show module sfr det
Getting details from the Service Module, please wait...
Unable to read details from module sfr
Card Type: Unknown
Model: N/A
Hardware version: N/A
Serial Number: FCH211879K4
Firmware version: N/A
Software version:
MAC Address Range: 70df.2f32.3be8 to 70df.2f32.3be8
Data Plane Status: Not Applicable
Console session: Ready
Status: Recover
fw-A5512-r5/pri/act# sess sfr cons
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.
Cisco FirePOWER Services Boot Image 6.2.0
FirePower login: admin
Password:
Cisco FirePOWER Services Boot 6.2.0 (2)
Type ? for list of commands
FirePowerboot>show version
Cisco FirePOWER Services Boot 6.2.0 (2)
4. Do I need to have Firesight or some other software to manage the module or can I do it all through ASDM?
Thanks!
09-22-2017 05:11 AM
1) You can't install SFR without SSD. But that's fine as you have one.
2) The CTRL-License is enough for the start. But you won't have services like IPS, AMP or URL-filter.
3) Installing SFR is a process of multiple steps. It starts with having the software. And for that, you need at least a service contract.
4) You can manage it through ASDM, but the Firepower Management Center will give you much more features and insight into your network. If you have a host to install it, it's a useful tool.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide