Yes, associate the file policy (or policies) with ACP entries as appropriate. I say "as appropriate" because it's not always needed - for instance if you are allowing inbound https and not de-encrypting then there is no need to associate a file policy since you will not be able to get the SHA-256 of the file to send to the cloud for analysis. ... View more

Your log attachment shows the module is now in recover mode. You need to go into the module cli and complete the process by doing "Setup" of the boot image and "system install" of the full pkg. https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc7 ... View more

Note that the ASA 5506 only supports Firepower through version 6.2.3.x. Release 6.3 and higher is not supported on the ASA 5506-x and ASA 5512-X. If you try to install them, they will result in the error you are seeing. ... View more

Later this summer CDO will introduce support for FTD (as of FTD 6.4). It has object re-use across devices. If the Firepower Migration Tool isn't working perhaps you can open a TAC case. ... View more

This is still not a feature in FMC, even with the new 6.3.0. ... View more

I'm not sure what you mean by " I configured the other ports as interface inside using the channel port. " Can you share your current running-configuration? You can definitely use the ASA 5506-X running 9.7(x) or higher with BVI interface to connect multiple computers directly to it (no separate switch involved) and have them all be on the same subnet. They can have access to the outside via the ASA's BVI interface as gateway. ... View more

Unfortunately ASDM doesn't give you this option, even with the latest release. You have to use a third party tool to generate the CSR. Personally I prefer XCA (a free GUI-based certificate management tool) ... View more

All ASAs have a 2 user license for remote access SSL VPN (commonly referred to as "AnyConnect" although the client software support and upgrade entitlement isn't technically included) included by default. More than two users requires purchasing AnyConnect licenses. ... View more

You're welcome. It DOES support it just fine. Many customers use it still today. Even customers with newer hardware and software. What I meant was the upgrade process changes some commands and syntax and that bit doesn't always work properly. If we can figure out what's wrong we can fix that and get things working again with the new software. What happens when it fails? Can you describe in detail and possibly share your configuration? ... View more

Yes, the old Cisco IPsec VPN client works fine - even on much newer ASA software and hardware. There are a lot of things that can go wrong in an upgrade from 7.x to 9.1(7)32 though. Most common is the NAT rules don't work the same due to the upgrade incorrectly parsing the old syntax to the new style. ... View more