Cisco ASA 5506-X Configuration Manual page 351
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Chapter 16
ASA FirePOWER (SFR) Module
Install or Reimage the Software Module
If you purchase the ASA with the ASA FirePOWER module, the module software and required solid
state drives (SSDs) come pre-installed and ready to configure. If you want to add the ASA FirePOWER
software module to an existing ASA, or need to replace the SSD, you need to install the ASA
FirePOWER boot software, partition the SSD, and install the system software according to this
procedure.
Reimaging the module is the same procedure, except you should first uninstall the ASA FirePOWER
module. You would reimage a system if you replace an SSD.
For information on how to physically install the SSD, see the ASA hardware guide.
Before You Begin
•
•
•
•
•
•
Procedure
Download the boot image to the device. Do not transfer the system software; it is downloaded later to
Step 1
the SSD. You have the following options:
•
•
Step 2
Download the ASA FirePOWER system software from Cisco.com to an HTTP, HTTPS, or FTP server
accessible from the ASA FirePOWER management interface. Do not download it to disk0 on the ASA.
The free space on flash (disk0) should be at least 3GB plus the size of the boot software.
In multiple context mode, perform this procedure in the system execution space.
You must shut down any other software module that you might be running; the device can run a
single software module at a time. You must do this from the ASA CLI. For example, the following
commands shut down and uninstall the IPS software module, and then reload the ASA; the
commands to remove the CX module are the same, except use the cxsc keyword instead of ips.
hostname# sw-module module ips shutdown
hostname# sw-module module ips uninstall
hostname# reload
If you have an active service policy redirecting traffic to an IPS or CX module, you must remove
that policy. For example, if the policy is a global one, you could use no service-policy ips_policy
global. If the service policy includes other rules you want to maintain, simply remove the redirection
command from the relevant policy map, or the entire traffic class if redirection is the only action for
the class. You can remove the policies using CLI or ASDM.
When reimaging the module, use the same shutdown and uninstall commands to remove the old
image. For example, sw-module module sfr uninstall.
Obtain both the ASA FirePOWER Boot Image and System Software packages from Cisco.com.
ASDM—First, download the boot image to your workstation, or place it on an FTP, TFTP, HTTP,
HTTPS, SMB, or SCP server. Then, in ASDM, choose Tools > File Management, and then choose
the appropriate File Transfer command, either Between Local PC and Flash or Between Remote
Server and Flash. Transfer the boot software to disk0 on the ASA.
ASA CLI—First, place the boot image on a TFTP, FTP, HTTP, or HTTPS server, then use the copy
command to download it to flash. The following example uses TFTP; replace <TFTP Server> with
your server's IP address or host name.
ciscoasa# copy tftp://<TFTP SERVER>/asasfr-5500x-boot-5.3.1-58.img
disk0:/asasfr-5500x-boot-5.3.1-58.img
Configure the ASA FirePOWER Module
Cisco ASA Series Firewall CLI Configuration Guide
16-11
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
