Download the ASA SFR system
software from Cisco.com
Download the boot image to
the device.
Download the boot image to
your workstation
Copy
Boot Image to ASA Flash
Example
ASA# copy http://<HTTP_SERVER>/asasfr-5500x-boot-5.3.1-152.img
disk0:/asasfr-5500x-boot-5.3.1-152.img
Configure SFR
module
ASA# sw-module module sfr recover configure image disk0:/file_path
ASA# sw-module module sfr recover configure image disk0:/file_path
Example below:
ASA# sw-module module sfr recover configure image disk0:/asasfr-5500x-boot-5.3.1-152.img
Load the ASA SFR boot
image using below command
ASA# sw-module module sfr recover boot
ASA# sw-module module sfr recover boot
Initial Configuration
Note: The default
username is admin, and the default password is Admin123.
Example Below
ASA# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence
is 'CTRL-^X'.
Cisco ASA SFR Boot Image 5.3.1
asasfr login: admin
Password: Admin123
Enter the setup command in order to configure the system so
that you can install the system software package:
asasfr-boot> setup
asasfr-boot> setup
Provide below settings
·
Host name
·
Network address.
·
DNS information
·
NTP information
System Software
Installation
2.
Enter the system install command:
asasfr-boot >system install [noconfirm] url
Include the noconfirm option
if you do not want to respond to confirmation messages. Replace the url keyword with the location of the .pkg file.
Example Below
asasfr-boot >system install http:/<HTTP_SERVER>/asasfr-sys-5.3.1-152.pkg
asasfr-boot >system install http:/<HTTP_SERVER>/asasfr-sys-5.3.1-152.pkg
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-FirePOWER 5.3.1-152 System Install
Requires
reboot: Yes
Do you want to continue with upgrade? [y]: y
Upgrading
Starting upgrade process ...
Populating new system image
Reboot is required to complete the upgrade. Press
'Enter' to reboot the system.
(press Enter)
Broadcast message from root (ttyS1) (Mon Jun 23
09:28:38 2014):
The system is going down for reboot NOW!
Console session with module sfr terminated.
Complete these steps
in order to configure the Firepower software:
1.
Open a session to the ASA SFR module.
ASA# session sfr
Opening command session with module sfr.
Connected to module sfr. Escape character sequence
is 'CTRL-^X'.
Sourcefire ASA5555 v5.3.1 (build 152)
Sourcefire3D login:
2. Log in with the
username admin and the password Sourcefire.
3.
Complete the system configuration as prompted.
Register Device with Management Server
Using the Command Line Interface (CLI)
1. Connect
to the CLI of the device that you want register with FireSIGHT Management
Center. This device could be anyFirePOWER appliance, NGIPS Virtual appliances,
or an ASA running FirePOWER services.3. At the prompt, register the device to a FireSIGHT Management Center using the configure manager add command.
> configure manager add <hostname | IPv4_address | IPv6_address | DONTRESOLVE> reg_key <nat_id>
In the above
syntax,- <hostname | IPv4_address | IPv6_address
| DONTRESOLVE> specifies either
the fully qualified host name or IP address of the FireSIGHT Management
Center. If the FireSIGHT Management Center is not directly addressable,
useDONTRESOLVE.
- reg_key is an unique
alphanumeric registration key required to register a device to the
FireSIGHT Management Center.
- nat_id is an optional
alphanumeric string used during the registration process between the
FireSIGHT Management Center and the device. It is required if the hostname
is set to DONTRESOLVE.
> configure manager add DC_IP_Address my_reg_key
However, if
the device and the FireSIGHT Management Center are separated by a NAT device,
enter a unique NAT ID along with the registration key, and specify DONTRESOLVE instead of the hostname, for example:configure manager add DONTRESOLVE my_reg_key my_nat_idIn the following example, there is no NAT boundary between the FireSIGHT Management Center and the managed device, and123456 is used as a registration key.
> configure manager add 192.0.2.2 123456Manager successfully configured.
Add a
Device to the FireSIGHT Management Center
1. Log into the web user interface of the Management Center. Click the Devices tab at the top of the page.
2. Click Add which is located at the top right. A drop down list appears. Click Add Device. A window pops up in the middle of the screen requesting the device informaiton.
3. In the Host field, enter the IP address of the device.
4. In the Registration Key field, enter the one-time registration key that you specified earlier.
5. Set the rest of the options to your preference. If you used a NAT ID, click on Advanced to expand it and enter the same NAT ID in the Unique NAT ID field.
6. Click Register. You should now be able to manage your device from the FireSIGHT Management Center.