ASA5506 SFR Reporting

I have a Cisco ASA5506-X with Firepower Services. I currently have the SFR set up in monitor-only (passive) mode. All traffic is being sent to the SFR. However in the ASDM (7.4) under the "ASA FirePOWER Reporting" tab, all of the field simply say "No Data Available". No Matter what I try I cannot get data to show up in the GUI.

I know that traffic is being sent to the SFR by running a "Show Service-Policy" command from the CLI.

    Class-map: global-SFR
      SFR: card status Up, mode fail-open monitor-only
        packet input 0, packet output 1061008, drop 0, reset-drop 0

Plenty of traffic hitting the SFR, but no data being returned.

Any Help?!?
AlfaTLimaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ken BooneNetwork ConsultantCommented:
So I have done a few sfr modules on larger firewalls that require the Firesight Management Console.  In those cases there were licenses that had had to be set up in the Firesight Mgmt Console pertaining to the type of license you purchased... i.e. control license which provides IPS and AVC, URL license and AMP license.  Each one of the licensesed had to be installed and applied to that SFR.  Then on top of that, certain things had to be configured to see AVC traffic, and other policies had to be configured for AMP stuff before you see any data.

Having said that I don't how the licenses are applied on the 5506 model with the management built into the ASDM.  I would look at that first and if that is setup i would think you should see data for IPS right off the bat.
0
AlfaTLimaAuthor Commented:
Maybe this will be a really stupid question, but does the 5506 require licenses to be applied even to see data? I didn't purchase any additional licenses, so this is a base image. Sorry, Cisco licensing i over my head.
0
Ken BooneNetwork ConsultantCommented:
Well - I know how it works on the 5512-x and up but not on the 5506.  That is pretty new.  Here is a quick step guide for the 5506-x.  You might have already gone through this:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html#27239

According to this doc:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-x-series-next-generation-firewalls/guide-c07-732249.html

The 5506 Firepower module still needs to be licensed but it can be licensed through the ASDM.  Depending on what subscription level service you purchased will depend on the licenses you have to enable.  You might have bought this in a bundle I dunno.

You really have to go way down in the doc to see the stuff on the 5506-X.  5512-X an above all require the an additional Firesight Management Console to be purchased in order to manage the SFR.  However, the 5506 and 5508 do not require that so things are a little different.

Hope this helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AlfaTLimaAuthor Commented:
Sadly, I applied a trial license that Cisco provided me, but still not seeing data.Screen-Shot-2015-05-06-at-4.12.53-PM.png
0
Ken BooneNetwork ConsultantCommented:
Well I know in order to get the larger models running you have to do some configuration.  You have to define a policy that defines the traffic that you want to look at on the SFR.  So you did the first part in the ASA by defining what traffic the ASA will send to the SFR, but in the SFR you have to define a policy that defines the type of traffic you want it to look at and what specifically you want to look at.  There is an IPS policy, file policy, url filtering policy, etc..  You have to build the policy and apply it to the SFR.  My guess is that either you don't have your policy built right or this unit might be much different than the other SFRs since you are using ASDM to configure the SFR.  

Since you have a license for it.. just open up a tac case and have one of the cisco engineers look at it.  I'm sure it's a quick couple items you need to get it going.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.