7-14
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 7 ASA FirePOWER Module
Managing the ASA FirePOWER Module
•
Reimage the ASA 5585-X ASA FirePOWER Hardware Module, page 7-16
Install or Reimage the Software Module
If you purchase the ASA with the ASA FirePOWER module, the module software and required solid
state drives (SSDs) come pre-installed and ready to configure. If you want to add the ASA FirePOWER
software module to an existing ASA, or need to replace the SSD, you need to install the ASA
FirePOWER boot software, partition the SSD, and install the system software according to this
procedure.
Reimaging the module is the same procedure, except you should first uninstall the ASA FirePOWER
module. You would reimage a system if you replace an SSD.
For information on how to physically install the SSD, see the ASA hardware guide.
Before You Begin
•
The free space on flash (disk0) should be at least 3GB plus the size of the boot software.
•
In multiple context mode, perform this procedure in the system execution space.
•
You must shut down any other software module that you might be running; the ASA can run a single
software module at a time. You must do this from the ASA CLI. For example, the following
commands shut down and uninstall the IPS software module, and then reload the ASA; the
commands to remove the CX module are the same, except use the
cxsc
keyword instead of
ips
.
sw-module module ips shutdown
sw-module module ips uninstall
reload
When reimaging the ASA FirePOWER module, use the same shutdown and uninstall commands to
remove the old image. For example,
sw-module module sfr uninstall
.
•
If you have an active service policy redirecting traffic to an IPS or CX module, you must remove
that policy. For example, if the policy is a global one, you could use
no service-policy
ips_policy
global
. If the service policy includes other rules you want to maintain, simply remove the redirection
command from the relevant policy map, or the entire traffic class if redirection is the only action for
the class. You can remove the policies using CLI or ASDM.
•
Obtain both the ASA FirePOWER Boot Image and System Software packages from Cisco.com.
Procedure
Step 1
Download the boot image to the ASA. Do not transfer the system software; it is downloaded later to the
SSD. You have the following options:
•
ASDM—First, download the boot image to your workstation, or place it on an FTP, TFTP, HTTP,
HTTPS, SMB, or SCP server. Then, in ASDM, choose
Tools > File Management
, and then choose
the appropriate
File Transfer
command, either
Between Local PC and Flash
or
Between Remote
Server and Flash
. Transfer the boot software to disk0 on the ASA.
•
ASA CLI—First, place the boot image on a TFTP, FTP, HTTP, or HTTPS server, then use the
copy
command to download it to flash. The following example uses TFTP:
ciscoasa# copy tftp://10.1.1.89/asasfr-5500x-boot-5.4.1-58.img
disk0:/asasfr-5500x-boot-5.4.1-58.img
Step 2
Download the ASA FirePOWER system software from Cisco.com to an HTTP, HTTPS, or FTP server
accessible from the ASA FirePOWER management interface. Do not download it to disk0 on the ASA.
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......