Note: the URL has TWO forward slashes in it not one, (Cisco update your documentation!)
Now you can install the software package on the SFR module. We suggest you use static addressing instead. To change, if it does change, the system will stop functioning correctly. You have selected IPv6 stateless autoconfiguration, which assigns a global addressīased on network prefix and a device identifier. IPv6 Configuration:Stateless autoconfiguration Stateless autoconfiguration will be enabled for IPv6 addresses.Įnter the primary DNS server IP address: 192.168.1.10ĭo you want to configure Secondary DNS Server? (y/n) : Nĭo you want to configure Local Domain Name? (y/n) : YĮnter the local domain name: ĭo you want to configure Search domains? (y/n) : YĮnter the comma separated list for search domains: ĭo you want to enable the NTP service? : YĮnter the NTP servers separated by commas: 194.35.252.7,130.88.202.49,93.93.131.118ĭo you want to enable the NTP symmetric key authentication? : N Welcome to Cisco FirePOWER Services SetupĮnter a hostname : Firepower-Moduleĭo you want to configure IPv4 address on management interface?(y/n) : Yĭo you want to enable DHCP for IPv4 address assignment on management interface?(y/n) : NĮnter an IPv4 address : 192.168.1.253Įnter the netmask : 255.255.255.0Įnter the gateway : 192.168.1.254ĭo you want to configure static IPv6 address on management interface?(y/n) : N ̼isco FirePOWER Services Boot Image 6.4.0 This would be a good time to go get a coffee, it doesn’t take that long, the documentation at Cisco says 5 minutes, I’d wait at least 10! You then need to login to the SFR module and give it a basic config Ĭonnected to module sfr. Mod-sfr 53> starting Busybox inetd: inetd. Mod-sfr 52> acpid: opendir(/etc/acpi/events): No such file or directory Mod-sfr 51> acpid: starting up with proc fs
Mod-sfr 50> Starting Advanced Configuration and Power Interface daemon: acpid. Mod-sfr 661> *** EVENT: Start Parameters: Image: /mnt/disk0/vm/vm_1.img, ISO: -cdrom /mnt/disk0 Mod-sfr 657> *** EVENT: Disk Image created successfully.
Mod Status Data Plane Status Compatibility Sfr ASA FirePOWER Not Applicable 5.4.1-211 Mod SSM Application Name Status SSM Application Version Mod MAC Address Range Hw Version Fw Version Sw Versionġ 8 to 1 1.1 1.1.8 9.5(2)2 Sfr FirePOWER Services Software Module ASA5506 JAD200XXXXX X with SW, 8GE Data, 1GE Mgmt, AC ASA5506 JAD200XXXXX IF YOU LOOK AT THE MODULES STATUS IT WILL SAY 'RECOVER' pkg as downloadable MIME objects or it wont work.Ĭonnect to the firewall via command line, and check that the module is ‘Up’ and take a note of the current software version Note: If using Microsoft IIS you need to add. A Web Server, (or FTP server) setup, with the files above available for ‘download’ into the FirePOWER module.
A Firepower Software Package (i.e. asasfr-sys-6.0.0-1005.pkg) this is a BIG file (over a Gigabyte) – download from Cisco.This process works on the ‘baby ASA’s,’ i.e 5506-X and 5508-X, and also on the larger models i.e 5512-X upwards (but NOT the 5585-X, that has a hw-module not a sw-module).
Normally I only have to do this if something’s gone wrong, and I can’t contact the module, or I’ve go a lot of them to do, and I don’t have direct management access.
Note: This ASDM upgrade will fail if the module is being managed by the FirePOWER Management center (FireSIGHT), you can update it from there, or remove the peer association, then update it. See Updating FirePOWER Module (From ASDM) The process is a LOT EASIER to do in the ASDM, I’m not usually an advocate of the GUI, but if you can access the FirePOWER settings that way, it will do all the hard work for you, (see below). (Remember if you set the FirePOWER module to ‘fail-closed’, you will lose internet access, so you might want to change that to ‘fail-open’ as well). This takes ages! Seriously, if it’s late in the afternoon you might want to do this tomorrow morning, or leave the re-imaging running overnight.