View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0158 - ASA FirePower Service Installation

SEC0158 - ASA FirePower Service Installation

Rating: 
5
Average: 5 (7 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video gets you started on software installation of Cisco ASA FirePower service module and prepare it to be a managed device that will be added later to a FireSight system. The lab assumes no existing FirePower software installation or that you want to replace the previous IPS or CX services on the ASA.
 
Topic:
  • ASA FirePower Software Service
  • ASA FirePower boot and software image
  • ASA FirePower setup wizard
Tag: 
asa
firepower
sourcefire
ngfw
software service

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

25 comments

Submitted by Montague on Tue, 12/16/2014 - 08:59

Excellent presentation of a Net New or pre-installed ASA.

Not sure is this is also a Q&A??? I was wondering when in a dual ASA (Active/Failover) environment would the MGMT0 interface be configured with 'standby' as is other interfaces. For example (mgmt0 ip address 192.168.1.1 standby 192.168.1.2) If so, then mgmt0's would require a switch for access to Defense Center ??

All in all, some of the best presentations around !!!
Thanks much

Submitted by admin on Tue, 12/16/2014 - 11:29

If you don't plan to use the mgmt interface to manage the ASA, you don't really need to give it an IP. The SFR is just riding on the mgmt interface but its IP is actually configured on itself so if you have a failover pair, you would configure the SFR IP individually.

Submitted by Ditmar Tavares on Mon, 07/06/2015 - 05:54

so, I am not using the MGT interface on the ASA, how will I access the source fire ? using the inside IP address ?, also when entering the Setup on the bootstrap of the source fire, if I don't enter YES to use the management interface, no IP shows on the summary.
please advise.

Submitted by admin on Mon, 07/06/2015 - 12:47

Mgmt interface is required for Firepower so at minimum, you need that port connected to a switch. You then have a option whether to use mgmt interface for the ASA. If you do, the IP need to be on the same subnet as the FirePower, otherwise you don't need to do anything on the ASA

Submitted by samyise on Thu, 01/29/2015 - 02:24

Hi

did we still need DC to mange the IPS SFR or we can mange this IPS from ASDM

Submitted by admin on Thu, 01/29/2015 - 23:21

As of now, FireSight server is required to manage FirePower Devices.

Submitted by blindhog on Tue, 02/24/2015 - 12:08

Thanks for the videos! I created a config script to go along with the video that I will be using for installs... thought I would share.

http://4peg.com/gGlqMN1dNCHw?FirePOWER%2BBoot%2BImage=asasfr-5500x-boot-...

Submitted by admin on Thu, 02/26/2015 - 18:04

Thank you for sharing!!

Submitted by ekeeus on Fri, 10/09/2015 - 07:51

Thanks for sharing the script. I have an install in 2 weeks and was creating a script. Seen yours and compared it.. Seems like the script hits the nail on the head.

Submitted by mashimaroz on Mon, 05/04/2015 - 07:39

thank you for a great video

Submitted by admin on Mon, 05/04/2015 - 22:20

Thank you for your feedback. We are glad you enjoy our videos.

Submitted by samyise on Mon, 08/24/2015 - 16:58

can we direct traffic to ASA FirePower service module without pathing in ASA

Submitted by admin on Tue, 08/25/2015 - 21:41

Not sure what you mean. The traffic needs to enter ASA in order to be sent to FirePower. What are you trying to accomplish?

Submitted by samyise on Wed, 08/26/2015 - 01:35

i need to enter traffic to firepower without passing on asa , use ports to pass trafice to firepower only like using appliance

Submitted by admin on Wed, 08/26/2015 - 21:09

If you want to SPAN traffic to ASA Firepower, you can use the following commands. The SPAN traffic goes to Gi0/0 of the ASA. Configure FirePower as you would normally.

config t
firewall transparent
int m0/0
  ip address <ASA Management IP> <Netmask>
  route management 0 0 <GW IP>
int g0/0
  traffic-forward sfr monitor-only
write memory
Submitted by Waqar on Thu, 12/10/2015 - 05:11

Thank you for your time :)

Submitted by sherief on Sat, 05/28/2016 - 12:15

Dear Metha,
Have you any video for integration BTW SourceFire and ISE.
BR

Submitted by admin on Sun, 05/29/2016 - 20:10

We do but it is not released online yet. Please visit our store and search for SEC0222.

Submitted by harshshah on Fri, 10/07/2016 - 09:12

I got an error saying

113
Upgrade Aborted

Has anyone faced similar issue?
Is there a workaround for this?

Submitted by admin on Sun, 10/09/2016 - 22:23

Is this a fresh install? What version and hardware are you using? At which point did you encounter the error?

Submitted by Kriegerpiloto on Wed, 04/12/2017 - 01:02

will FirePower Services run on Virtual Machine Lab ?

Submitted by admin on Mon, 04/17/2017 - 22:00

Yes. You have two options: NGIPSv which is a sensor with Firepower feature only and not routed, or FTDv which can either be a just a sensor or fully function ASA+Firepower FW.

Submitted by ccie16739 on Wed, 02/07/2018 - 19:39

thanks for producing and making these videos available to us.

Submitted by admin on Mon, 02/12/2018 - 21:04

Thank you very much for your feedback

Submitted by Mohamed Abd El-... on Tue, 05/28/2019 - 13:56

Hi
Are there English translation files (.srt) for these videos ?
Thanks in advance

Poll

Vote for the Next Video Series