Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!
FirePOWER configuration not available on new ASA 5506-X
We have a new Cisco ASA 5506-X. We have it connected up as per the supplied diagram (Management 1/1 connected to GE1/3) and are able to access the ADSM and CLI as normal. However, this device has "FirePOWER Services" but we are unable to see how to configure this. According to the quick start guide (https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html), we run the Startup Wizard and should get to the "ASA FirePOWER Basic Configuration"; however, this does not appear.
Here is our "show version":
The ASA is on its default IP of 192.168.1.1. We have reset it to factory defaults and upgraded both ASA and ASDM to no effect.
How can we configure the FirePower services?
Here is our "show version":
Cisco Adaptive Security Appliance Software Version 9.9(2)
Firepower Extensible Operating System Version 2.3(1.84)
Device Manager Version 7.9(2)
Compiled on Sun 25-Mar-18 17:29 PDT by builders
System image file is "disk0:/asa992-lfbff-k8.SPA"
Config file at boot was "startup-config"
ciscoasa up 20 mins 29 secs
Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
The ASA is on its default IP of 192.168.1.1. We have reset it to factory defaults and upgraded both ASA and ASDM to no effect.
How can we configure the FirePower services?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
You might want to turn the BVI off as well (I hate that!)
Cisco ASA 5506-X: Bridged BVI Interface
Pete
Cisco ASA 5506-X: Bridged BVI Interface
Pete
Thanks. Response doesn't look good to the "show module" command:
ciscoasa(config)# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
1 ASA 5506-X with FirePOWER services, 8GE, AC, ASA5506 JAD194xxx
sfr Unknown N/A JAD194xxx
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 84b2.xxxx.4d22 to 84b2.xxxx.4d2b 1.0 1.1.12 9.9(2)
sfr 84b2.xxxx.4d21 to 84b2.xxxx.4d21 N/A N/A
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
1 Up Sys Not Applicable
sfr Unresponsive Not Applicable
How long has the firewall been up - they take AGES to start properly? Give it a good 20 minutes, if it still wont come up, don't panic, you can re-image it
Re-Image and Update the Cisco FirePOWER Services Module
Pete
Re-Image and Update the Cisco FirePOWER Services Module
Pete
Yes, it hadn't been up that long. Have now started a re-image, currently it's showing:
... which I guess means it's working?
Also we formatted the flash and so lost the licence key, but that's another story...
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Recover Not Applicable
... which I guess means it's working?
Also we formatted the flash and so lost the licence key, but that's another story...
Hi David,
Reimaging the SFR takes hours!!! leave it running overnight bud :) It wont effect the firewall traffic.
>>Also we formatted the flash and so lost the licence key,
If you have the chassis number you can get the activation key from Cisco.
Reimaging the SFR takes hours!!! leave it running overnight bud :) It wont effect the firewall traffic.
>>Also we formatted the flash and so lost the licence key,
If you have the chassis number you can get the activation key from Cisco.
>>If you have the chassis number you can get the activation key from Cisco.
Even if you don't have a contract and bought it second hand?
Even if you don't have a contract and bought it second hand?
Mmm - depends on what sort of mood front line support are in!
This might work
1. Create a Cisco CCO account (this is free).
2. Go to http://www.cisco.com/web/go/license
3. Log in.
4. You need to register a licence, there will be an option that looks like "I don't have a PAK' click that.
5. Look for Cisco ASA 3DES/AES Licence > click that.
6. Enter your chassis number (from show version).
7. You will be emailed an activation key.
8. On the ASA, drop to config mode, and enter the new activation key.
9. Sit back light your pipe, and admire your handiwork.
Pete
This might work
1. Create a Cisco CCO account (this is free).
2. Go to http://www.cisco.com/web/go/license
3. Log in.
4. You need to register a licence, there will be an option that looks like "I don't have a PAK' click that.
5. Look for Cisco ASA 3DES/AES Licence > click that.
6. Enter your chassis number (from show version).
7. You will be emailed an activation key.
8. On the ASA, drop to config mode, and enter the new activation key.
9. Sit back light your pipe, and admire your handiwork.
Pete
Yes, that worked! However, the licence shows up as base (but with 3DES and so forth, which it didn't have before) whereas it should be Security Plus.
Not sure what to do next; raise a support request?
The SFR is (presumably) happily reimaging, by the way. Will leave it overnight as you suggest.
Not sure what to do next; raise a support request?
The SFR is (presumably) happily reimaging, by the way. Will leave it overnight as you suggest.
>>Not sure what to do next; raise a support request?
Yes they've just given you a licence and its wrong! you can complain now that their licence broke your firewall!
>> Will leave it overnight as you suggest.
Yes they take ages, I update them as soon as they come in now while Im doing other things.
Yes they've just given you a licence and its wrong! you can complain now that their licence broke your firewall!
>> Will leave it overnight as you suggest.
Yes they take ages, I update them as soon as they come in now while Im doing other things.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
ASA Setup FirePOWER Services (for ASDM)
Pete