Download the ASA SFR system
software from Cisco.com
Download the boot image to
the device.
Download the boot image to
your workstation
Copy
Boot Image to ASA Flash
Example
Configure SFR
module
ASA#
sw-module module sfr recover configure image disk0:/file_path
Example below:
ASA#
sw-module module sfr recover configure image disk0:/asasfr-5500x-boot-5.3.1-152.img
Load the ASA SFR boot
image using below command
ASA#
sw-module module sfr recover boot
Initial Configuration
Note: The default
username is admin, and the default password is Admin123.
Example Below
ASA# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence
is 'CTRL-^X'.
Cisco ASA SFR Boot Image 5.3.1
asasfr login: admin
Password: Admin123
Enter the setup command in order to configure the system so
that you can install the system software package:
asasfr-boot>
setup
Provide below settings
·
Host name
·
Network address.
·
DNS information
·
NTP information
System Software
Installation
2.
Enter the system install command:
asasfr-boot >system install [noconfirm] url
Include the noconfirm option
if you do not want to respond to confirmation messages. Replace the url keyword with the location of the .pkg file.
Example Below
asasfr-boot
>system install http:/<HTTP_SERVER>/asasfr-sys-5.3.1-152.pkg
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-FirePOWER 5.3.1-152 System Install
Requires
reboot: Yes
Do you want to continue with upgrade? [y]: y
Upgrading
Starting upgrade process ...
Populating new system image
Reboot is required to complete the upgrade. Press
'Enter' to reboot the system.
(press Enter)
Broadcast message from root (ttyS1) (Mon Jun 23
09:28:38 2014):
The system is going down for reboot NOW!
Console session with module sfr terminated.
System Software Configuration
Configure the Firepower Software
Complete these steps
in order to configure the Firepower software:
1.
Open a session to the ASA SFR module.
ASA#
session sfr
Opening command session with module sfr.
Connected to module sfr. Escape character sequence
is 'CTRL-^X'.
Sourcefire ASA5555 v5.3.1 (build 152)
Sourcefire3D login:
2. Log in with the
username admin and the password Sourcefire.
3.
Complete the system configuration as prompted.
Register Device with
Management Server
Using the Command Line Interface (CLI)
1. Connect
to the CLI of the device that you want register with FireSIGHT Management
Center. This device could be anyFirePOWER appliance, NGIPS Virtual appliances,
or an ASA running FirePOWER services.
Note: If you are using an ASA with FirePOWER services as a managed
device, you can open a console session to the module from the ASA CLI. If the
ASA is running on multiple context mode, session from the system execution
space.
2. Log in
with the username admin or another username that has the CLI configuration (Administrator)
access level.
3. At the
prompt, register the device to a FireSIGHT Management Center using the configure manager add command.
Note: A unique alphanumeric registration key is always required to
register a device to a FireSIGHT Management Center. This is a simple key that
you specify, and is not the same as a license key.
The command
has the following syntax:
> configure manager add <hostname | IPv4_address | IPv6_address | DONTRESOLVE> reg_key <nat_id>
In the above
syntax,
- <hostname | IPv4_address | IPv6_address
| DONTRESOLVE> specifies either
the fully qualified host name or IP address of the FireSIGHT Management
Center. If the FireSIGHT Management Center is not directly addressable,
useDONTRESOLVE.
- reg_key is an unique
alphanumeric registration key required to register a device to the
FireSIGHT Management Center.
- nat_id is an optional
alphanumeric string used during the registration process between the
FireSIGHT Management Center and the device. It is required if the hostname
is set to DONTRESOLVE.
In most
cases, you must provide the FireSIGHT Management Center's hostname or the IP
address along with the registration key, for example:
> configure manager add DC_IP_Address my_reg_key
However, if
the device and the FireSIGHT Management Center are separated by a NAT device,
enter a unique NAT ID along with the registration key, and specify DONTRESOLVE instead of the hostname, for example:
configure manager add DONTRESOLVE my_reg_key my_nat_id
In the
following example, there is no NAT boundary between the FireSIGHT Management
Center and the managed device, and123456 is used as a registration key.
> configure manager add 192.0.2.2 123456Manager successfully configured.
Add a
Device to the FireSIGHT Management Center
1. Log into the web user interface of the Management Center. Click the Devices tab at the top of the page.
2. Click Add which is located at the top right. A
drop down list appears. Click Add Device. A window
pops up in the middle of the screen requesting the device informaiton.
3. In the Host field, enter the IP address of the
device.
4. In the Registration Key field, enter the one-time registration
key that you specified earlier.
5. Set the
rest of the options to your preference. If you used a NAT ID, click on Advanced to expand it and enter the same NAT ID
in the Unique NAT ID field.
6. Click Register.
You should now be able to manage your device from the FireSIGHT Management
Center.