Cisco ASA 5500-X Restart the FirePOWER Service Module

KB ID 0001101 Dtd 25/08/15

Problem

I’ve only just recently started to work with these, the advantage of them is they are great for SOHO and SMB, and they don’t need additional SSD drives installing.

Note: This also procedure works on the larger ASA5500-X firewalls that have Firepower installed on an internal SSD drive, (i.e. 5512,5515,5525, and 5545 etc.)

asa5506 and asa5508

While getting them to work with a Sourcefire appliance, I had to ‘bounce’ the module a few times.

Note: the following procedure will not affect traffic flowing through the firewall unless you have your SFR module set to ‘fail-closed’.

Solution

1. First things first, check the status of the module.

Petes-ASA> enable
Password: *******
Petes-ASA# show module

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   1 ASA 5506-X with FirePOWER services, 8GE, AC, ASA5506            JAD1912XXXX
 sfr FirePOWER Services Software Module           ASA5506            JAD1912XXXX

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   1 a46c.2a99.dfbe to a46c.2a99.eeee  1.0          1.1.1        9.3(2)2
 sfr a46c.2a99.dfbd to a46c.2a99.ffff  N/A          N/A          5.4.1-211

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
 sfr ASA FirePOWER                  Up               5.4.1-211

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up Sys             Not Applicable
 sfr Up               Up

2. To reload the module issue the following command;

Petes-ASA# sw-module module sfr reload

Reload module sfr? [confirm] {Enter}
Reload issued for module sfr.
Petes-ASA#

3. It usually only takes a couple of minutes but you can use the show module command to keep an eye on it.

Petes-ASA# show module

-----Output removed for the sake of brevity----

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up Sys             Not Applicable
 sfr Reload             Not Applicable


-----Output removed for the sake of brevity----

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up Sys             Not Applicable
 sfr Init             Not Applicable


-----Output removed for the sake of brevity----

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up Sys             Not Applicable
 sfr Up               Up
 

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On