Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5172
Views
5
Helpful
3
Replies

FirePOWER Upgrade from 5.3.1 to 6.0 Without FireSight...

fhgateway
Level 1
Level 1

‎02-12-2016 01:15 PM - edited ‎03-12-2019 05:53 AM

My company has 2 ASA 5515X (running ASA 9.5.2, ASDM 7.5.2, and FirePOWER 5.3.1) configured in a failover pair that we have been running for 8 months. When they were installed, the FirePOWER control license was purchased but not FireSight and in our environment, we would rather stay away from running the virtual appliance needed for FireSight. The FirePOWER module was setup and its status reports as up but the configure and monitor options are non-existent in the ASDM (I do see the ASA FirePOWER Status tab on the home page). The traffic has never been set to run through the FirePOWER module yet. Ideally, we would prefer to manage FirePOWER through the ASDM if possible, which from my understanding, is possible if we upgrade our FirePOWER software module from 5.3.1 to 6.0. My questions are as follows:

1. Is it possible to manage FirePOWER on our 5515Xs through the ASDM if we were running the FirePOWER 6.0 software module?

2. If the answer to question 1 is yes, the only instructions I have found for upgrading from FirePOWER 5.3.1 to 6.0 involve using Defense Center (FireSight?) which we do not have and some have said you have to go from 5.3.1 to 5.4 before you can go to 6.0. Can anyone point me to instructions for upgrading my FirePOWER software module from 5.3.1 to 6.0 (I assume using the CLI which I can access the FirePOWER module through)?

Anything I am overlooking? Is it stupid to want to manage FirePOWER through the ASDM instead of using FireSight? Thanks for the help.

-Dylan

Labels:
0 Helpful
3 Replies 3

Sunil Kumar
Cisco Employee
Cisco Employee

‎02-13-2016 02:31 AM

Yes, you can manage the Firepower Module through the ASDM in version 6.0.0. 

You need to re-image the module with version 6.0.0. It will hardly take 45-60 minute. Once you complete the re-image and assign the IP address to SFR module. 

Ensure that management port should have reachability to end system. login to ASA through ASDM and you should able to see one more tab for Firepower Configuration. Just a look on attachment. 

Regards, 

Sunil Kumar

Rate if it helps !!

fhgateway
Level 1
Level 1
In response to Sunil Kumar

‎02-16-2016 11:38 AM

Thank you for the response Sunil. I am glad that we can do what we were hoping to by upgrading to 6.0. Since we are currently at 5.3.1, do we need to upgrade in steps by going to 5.4.1 or since we are just re-imaging, can we go straight o 6.0? It looks like I can follow the "Install or Reimage the Software Module" instructions from this link (http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#pgfId-1485825) and that I just need to shutdown and uninstall the FirePower software module, then image using the new 6.0, does that sound correct?

-Dylan

0 Helpful

Sunil Kumar
Cisco Employee
Cisco Employee
In response to fhgateway

‎02-16-2016 05:11 PM

Yes, you are Right. 

Regards, 

Sunil Kumar

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card