Cisco SFR Can't Ping its Default Gateway?
Jul25

KB ID 0001575 Problem This is a strange one? I was deploying FirePOWER to a pair of ASA 5550-8-X firewalls in Active / Standby failover last week. After each SFR was updated (via ASDM), I could no longer ‘ping it’. The SFR itself could ping everything on the same VLAN, APART from its own default gateway (which was an SVI on the Cisco 3750 switch it was connected to). This happened every time I updated the SFR, (or...

Cisco 5506-X / 5512-X SFR Unsupported
Feb26

KB ID 0001522 Problem After upgrading an ASA 5506-X to Version 9.10, I was about to re-image the FirePOWER SFR module. I went to load the boot image and this happened; sw-module module sfr recover configure image disk0:/asasfr-5500x-boot-6.3.0-3.img ^ ERROR: % Invalid input detected at ‘^’ marker. At first I thought “Oh great, the syntax has changed, there’s another post to update”. But no, the command is...

Cisco ASA: Remove FTD and Return to ASA and ASDM
Dec18

KB ID 0001496 Problem A few weeks ago I posted an article about re-image your Cisco ASA to FTD (FirePOWER Threat Defence). Now you may find the FTD is not as ‘Feature rich’ as your old firewall, or that there’s a ‘Lack of feature parity’, which are two polite ways of saying that it’s crap, (sorry it’s just awful, as usual Cisco should’ve spent a LOT longer developing this product,...

Convert ASA 5500-X To FirePOWER Threat Defence
Nov08

KB ID 0001490 Problem I’m seeing more and more people asking questions in forums about FTD, so I thought it was about time I looked at it. Cisco ASA 5500-X firewalls can now be re-imaged to run the FTD software. The thinking is that the FTD will merge the Cisco ASA product and the FirePOWER product into one unified operating system. Then that is managed by FDM (FirePOWER Device Manager), basically a web management GUI. Solution...

FirePOWER: ‘No Authentication Required’ No Usernames
Aug22

KB ID 0001460 Problem When attempting to track Users with FirePOWER, the FMC would not show any usernames? Solution There’s a lot of reasons this might not work, let’s take a look at a few of them. Firstly make sure the server running the ‘user agent’ is listed under System > Integration > Identity Sources > User Agent. It probably goes without saying, but over on the server running the user agent, make sure it...

Cisco FirePOWER (On-Box / ASDM) Change the Time Zone
Nov08

KB ID 0001363 Problem At first this was just a bug, now it’s annoying, I don’t know why Cisco have not got round to fixing this, it’s still a problem in the latest (6.2.2 at time of writing,) version. Solution Configuration > ASA FirePOWER Configuration > Local > System Policy > Time > Synchronisation > Manually > Save Policy and Exit. Deploy > Deploy FirePOWER Changes > Deploy. To View...
