Install Or Reimage The Software Module - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Managing the ASA FirePOWER Module
•
Install or Reimage the Software Module
If you purchase the ASA with the ASA FirePOWER module, the module software and required solid
state drives (SSDs) come pre-installed and ready to configure. If you want to add the ASA FirePOWER
software module to an existing ASA, or need to replace the SSD, you need to install the ASA
FirePOWER boot software, partition the SSD, and install the system software according to this
procedure.
Reimaging the module is the same procedure, except you should first uninstall the ASA FirePOWER
module. You would reimage a system if you replace an SSD.
For information on how to physically install the SSD, see the ASA hardware guide.
Before You Begin
•
•
•
•
•
Procedure
Download the boot image to the ASA. Do not transfer the system software; it is downloaded later to the
Step 1
SSD. You have the following options:
•
•
Download the ASA FirePOWER system software from Cisco.com to an HTTP, HTTPS, or FTP server
Step 2
accessible from the ASA FirePOWER management interface. Do not download it to disk0 on the ASA.
Cisco ASA Series Firewall CLI Configuration Guide
7-14
Reimage the ASA 5585-X ASA FirePOWER Hardware Module, page 7-16
The free space on flash (disk0) should be at least 3GB plus the size of the boot software.
In multiple context mode, perform this procedure in the system execution space.
You must shut down any other software module that you might be running; the ASA can run a single
software module at a time. You must do this from the ASA CLI. For example, the following
commands shut down and uninstall the IPS software module, and then reload the ASA; the
commands to remove the CX module are the same, except use the cxsc keyword instead of ips.
sw-module module ips shutdown
sw-module module ips uninstall
reload
When reimaging the ASA FirePOWER module, use the same shutdown and uninstall commands to
remove the old image. For example, sw-module module sfr uninstall.
If you have an active service policy redirecting traffic to an IPS or CX module, you must remove
that policy. For example, if the policy is a global one, you could use no service-policy ips_policy
global. If the service policy includes other rules you want to maintain, simply remove the redirection
command from the relevant policy map, or the entire traffic class if redirection is the only action for
the class. You can remove the policies using CLI or ASDM.
Obtain both the ASA FirePOWER Boot Image and System Software packages from Cisco.com.
ASDM—First, download the boot image to your workstation, or place it on an FTP, TFTP, HTTP,
HTTPS, SMB, or SCP server. Then, in ASDM, choose Tools > File Management, and then choose
the appropriate File Transfer command, either Between Local PC and Flash or Between Remote
Server and Flash. Transfer the boot software to disk0 on the ASA.
ASA CLI—First, place the boot image on a TFTP, FTP, HTTP, or HTTPS server, then use the copy
command to download it to flash. The following example uses TFTP:
ciscoasa# copy tftp://10.1.1.89/asasfr-5500x-boot-5.4.1-58.img
disk0:/asasfr-5500x-boot-5.4.1-58.img
Chapter 7
ASA FirePOWER Module
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
