KB ID 0001101
Problem
I’ve only just recently started to work with these, the advantage of them is they are great for SOHO and SMB, and they don’t need additional SSD drives installing.
Note: This also procedure works on the larger ASA5500-X firewalls that have Firepower installed on an internal SSD drive, (i.e. 5512,5515,5525, and 5545 etc.)
While getting them to work with a Sourcefire appliance, I had to ‘bounce’ the module a few times.
Note: the following procedure will not affect traffic flowing through the firewall unless you have your SFR module set to ‘fail-closed’.
Solution
1. First things first, check the status of the module.
Petes-ASA> enable Password: ******* Petes-ASA# show module Mod Card Type Model Serial No. ---- -------------------------------------------- ------------------ ----------- 1 ASA 5506-X with FirePOWER services, 8GE, AC, ASA5506 JAD1912XXXX sfr FirePOWER Services Software Module ASA5506 JAD1912XXXX Mod MAC Address Range Hw Version Fw Version Sw Version ---- --------------------------------- ------------ ------------ --------------- 1 a46c.2a99.dfbe to a46c.2a99.eeee 1.0 1.1.1 9.3(2)2 sfr a46c.2a99.dfbd to a46c.2a99.ffff N/A N/A 5.4.1-211 Mod SSM Application Name Status SSM Application Version ---- ------------------------------ ---------------- -------------------------- sfr ASA FirePOWER Up 5.4.1-211 Mod Status Data Plane Status Compatibility ---- ------------------ --------------------- ------------- 1 Up Sys Not Applicable sfr Up Up
2. To reload the module issue the following command;
Petes-ASA# sw-module module sfr reload Reload module sfr? [confirm] {Enter} Reload issued for module sfr. Petes-ASA#
3. It usually only takes a couple of minutes but you can use the show module command to keep an eye on it.
Petes-ASA# show module -----Output removed for the sake of brevity---- Mod Status Data Plane Status Compatibility ---- ------------------ --------------------- ------------- 1 Up Sys Not Applicable sfr Reload Not Applicable -----Output removed for the sake of brevity---- Mod Status Data Plane Status Compatibility ---- ------------------ --------------------- ------------- 1 Up Sys Not Applicable sfr Init Not Applicable -----Output removed for the sake of brevity---- Mod Status Data Plane Status Compatibility ---- ------------------ --------------------- ------------- 1 Up Sys Not Applicable sfr Up Up
Related Articles, References, Credits, or External Links
NA