I have my pair of Cisco ASA 5515-Xs in an active/standby failover mode. My question is: I have both units with IPS software, so how are these configured for failover? I can't console into the secondary ASA, so I can't run the setup on the secondary IPS unit. I did on the initial one and gave it an IP address and also updated the image, so now they are out of sync.
    Last Failover at: 12:27:28 CST Nov 3 2014
            This host: Primary - Active
                    Active time: 71896 (sec)
                    slot 0: ASA5515 hw/sw rev (1.0/9.2(2)4) status (Up Sys)
                      Interface outside (220.127.116.11): Normal (Monitored)
                      Interface inside (172.20.16.30): Normal (Monitored)
                      Interface Mgmt (172.20.17.10): Normal (Monitored)
                    slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
                      IPS, 7.1(4)E4, Up
            Other host: Secondary - Bulk Sync
                    Active time: 2386 (sec)
                    slot 0: ASA5515 hw/sw rev (1.0/9.2(2)4) status (Up Sys)
                      Interface outside (18.104.22.168): Normal (Monitored)
                      Interface inside (172.20.16.31): Normal (Monitored)
                      Interface Mgmt (172.20.17.11): Normal (Monitored)
                    slot 1: IPS5515 hw/sw rev (N/A/7.1(9)E4) status (Up/Up)
                      IPS, 7.1(9)E4, Up
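An added example (not part of the original thread): a small Python check that parses `show failover` output like the one in the question and reports every slot whose model or software version differs between the two units, which is the 7.1(4)E4 vs 7.1(9)E4 drift described there. The function names are illustrative, and the sample text is the post's output trimmed to the host and slot lines.

```python
import re

# Sample input: the output quoted in the question, trimmed to host and slot lines.
SHOW_FAILOVER = """\
This host: Primary - Active
    slot 0: ASA5515 hw/sw rev (1.0/9.2(2)4) status (Up Sys)
    slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
Other host: Secondary - Bulk Sync
    slot 0: ASA5515 hw/sw rev (1.0/9.2(2)4) status (Up Sys)
    slot 1: IPS5515 hw/sw rev (N/A/7.1(9)E4) status (Up/Up)
"""

HOST_RE = re.compile(r"\b(This|Other) host:\s*(Primary|Secondary)\b")
# hw rev may itself contain a slash ("N/A"), so the sw rev is the part after the last one.
SLOT_RE = re.compile(
    r"slot (\d+): (\S+) hw/sw rev \((\S+)/([^/\s]+)\) status \(([^)]*)\)"
)


def parse_units(text):
    """Return {role: {slot_number: (model, sw_version)}} for both failover peers."""
    headers = [(m.start(), m.group(2)) for m in HOST_RE.finditer(text)]
    units = {role: {} for _, role in headers}
    for m in SLOT_RE.finditer(text):
        # A slot line belongs to the closest host header that precedes it.
        owners = [role for pos, role in headers if pos < m.start()]
        if owners:
            units[owners[-1]][int(m.group(1))] = (m.group(2), m.group(4))
    return units


def version_mismatches(text):
    """List (slot, role_a, entry_a, role_b, entry_b) for slots that differ."""
    units = parse_units(text)
    if len(units) != 2:
        raise ValueError("expected one Primary and one Secondary unit")
    (role_a, a), (role_b, b) = units.items()
    findings = []
    for slot in sorted(set(a) | set(b)):
        # A module missing on one peer shows up as None and is reported too.
        if a.get(slot) != b.get(slot):
            findings.append((slot, role_a, a.get(slot), role_b, b.get(slot)))
    return findings


if __name__ == "__main__":
    for slot, ra, ea, rb, eb in version_mismatches(SHOW_FAILOVER):
        print(f"slot {slot}: {ra}={ea} {rb}={eb}")
```

Because matching is by position rather than by line, the same functions work on output that has been pasted onto a single line.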
#1 is very near end-of-life and would not generally be recommended for new deployments. #2 was Cisco's thrust prior to the Sourcefire acquisition in 2013 and still a quite viable solution. #3 is generally recommended for new deployments, especially if the focus is on IPS capabilities.
We purchased new ones with Sourcefire for a new deployment, but these have been sitting for about a year and are only now being deployed. Is there a way to update the IPS? Is there a different SKU to purchase, and can we just slide in a new hard drive?
The physical SSD is the same on all the models 5512-X through 5555-X.
(The 5585-X uses an SSP hardware blade in the /10, 20, 40 or 60 variant depending on required throughput.)
To switch from classic IPS to FirePOWER (or CX) software module you need to update your licensing, replacing the IPS subscription service with Firepower.
All Cisco ASA with FirePOWER Services appliances ship with a base license for AVC (also known as Apps). Optional subscriptions for IPS, AMP, and URL and content filtering can be added to the base appliance configuration for advanced functionality.
The Cisco ASA with FirePOWER Services base configuration includes the Application Visibility and Control (AVC) function by default. This feature provides application identification and control of more than 3,000 applications, detected and classified by risk and business relevance. Customers require a Cisco SMARTnet support contract with each appliance to download application signature updates.
See the graphic attached below for more on that.
The licenses are actually loaded onto the controlling FirePOWER System Manager (FSM) which is an external VM or appliance. With that in hand you would then get the ASA to the prerequisite software level, re-image the software module and use first the bootstrap and then the system software to make the Firepower module up and ready. You run through a small setup script and then do all other operations from the FSM.
Hope this helps. Please mark your question as answered when it has been and rate helpful replies.