In our current scenario, the Firepower software module is installed on the existing Cisco ASA firewall, which you can easily verify by entering the #show module sfr command in global configuration mode.
It will show you the status of your Firepower module or appliance; in our case the Firepower status is Up.
There are some prerequisites before integrating FireSIGHT with Firepower:
- Make sure port 443 is allowed between the ASA and FireSIGHT
You can easily validate this by issuing the #show module sfr details command in global configuration mode on the ASA.
It will clearly show you “mgmt. web ports = 443” and “mgmt. TLS=enabled”, which means 443 is permitted for communication.
- Compatibility of the FireSIGHT module
My current Firepower version = 6..
ASA 5515 = 9.8(1) .5
For the current Firepower version, only FireSIGHT 6..1 is supported. Otherwise you will get an error message.
To enter the SFR console from the Cisco ASA, enter the #session sfr console command from global configuration mode.
Here the current credentials are the defaults: username = admin, password = Admin123
Now you need to add your manager IP with:
- configure manager add manager_IP Yoursecretkey
Now enter the command #show managers to view the manager registration status.
Keep one thing in mind here: what you integrate with FireSIGHT is the Cisco Firepower module, not the Cisco ASA firewall itself. For that, use the > configure network command to check the management IP address used for FireSIGHT management.
Now log in to your FireSIGHT manager and navigate to
Devices > Device Management > Add Device, then enter the details of the SFR IP along with the registration key that you entered at the time of manager addition on the Cisco Firepower module.
After integration, it will show you the integrated device IP under Device Management.
Click the edit icon to view more details.
To redirect traffic from the ASA to FireSIGHT:
In routed mode:
1- Configure an access-list to specify what traffic will be redirected to the SFR for inspection
access-list SFR extended deny ip ……..
access-list SFR extended permit ip any any
2- Configure a class map to match the access-list created in step 1
match access-list SFR
3- Associate the class map with the global policy.
policy-map global_policy
sfr fail-open monitor-only
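The three steps above assembled into one routed-mode configuration, as an added example that is not from the original page. The class-map name SFR-CLASS and the excluded subnet 192.0.2.0/24 are assumptions made for illustration; the page's own deny entry is elided.

```cisco
! Added example; SFR-CLASS and 192.0.2.0/24 are assumed, illustrative values.
! Step 1: the ACL selects traffic. "deny" entries bypass the module,
! "permit" entries are sent to it.
access-list SFR extended deny ip 192.0.2.0 255.255.255.0 any
access-list SFR extended permit ip any any
!
! Step 2: class map matching the ACL from step 1.
class-map SFR-CLASS
 match access-list SFR
!
! Step 3: attach the class to the global policy.
! fail-open: traffic keeps flowing if the module is down.
! monitor-only: the module gets a read-only copy and cannot drop traffic.
policy-map global_policy
 class SFR-CLASS
  sfr fail-open monitor-only
!
! global_policy is applied globally by default; re-state if it was removed.
service-policy global_policy global
```

Running show service-policy sfr on the ASA afterwards displays the packet counters for this redirection, which confirms that traffic is matching the class.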
In our case, the ASA is running in transparent mode.
And now, Gig0/1 is used for monitoring this traffic.
Cisco FirePOWER SFR Module Can’t Ping
One issue I faced here is that I am not able to ping from the Firepower module, which can be fixed with the command below.
admin@-SFR:~$ sudo chmod u+s /bin/ping