FirePOWER Replacing your ASA/FTD with Firepower services
12 Slides187.22 KB
FirePOWER Replacing your ASA/FTD with Firepower services Kaustubh Vajarkar Cisco FirePOWER TAC Engineer
STEPS Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Collect version information show module show version show asdm image Collect ASA license information show activation-key detail Configuration ASA FirePOWER Configuration Licenses and clicking Add New License. (To locate old license key if on-box managed) Create backup from ASDM ASA configuration backup http:// www.cisco.com/c/en/us/td/docs/security/asa/asa83/asdm63/configu ration guide/config/admin swconfig.html#wp1243681
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Collect version information show version FTD license information The FTD uses smart license and a token will be required to be downloaded from Cisco Smart Software Manager Create backup from FTD Firepower configuration backup if using on-box management http:// www.cisco.com/c/en/us/support/docs/security/asa-5500-x-firepower -services/200448-Configure-Backup-Restore-of-Configurati.html
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Device cabling
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Download link http://www.cisco.com/go/asa-firepower-sw Compatibility matrix http:// www.cisco.com/c/en/us/td/docs/security/asa/compatibili ty/asamatrx.html ASA FTD boot image asa953-lfbff-k8.SPA ASDM asdm-771.bin FirePOWER Boot Image asasfr-5500x-boot6.1.0-330.img Firepower Package Installer asasfr-sys-6.1.0330.pkg ftd-boot-9.6.2.0.lfbff System software install package ftd-6.1.0-330.pkg
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Install and Configure a FirePOWER Services Module on an ASA Platform http:// www.cisco.com/c/en/us/support/docs/security/asa-firepo wer-services/118644-configure-firepower-00.html Reimage the Cisco ASA or Firepower Threat Defense Device http:// www.cisco.com/c/en/us/td/docs/security/firepower/quick start/reimage/asa-ftd-reimage.html
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Install basic configuration on ASA and connect via ASDM Cisco ASA 5506-X Series Quick Start Guide http:// www.cisco.com/c/en/us/td/docs/security/asa/quick start/55 06X/5506x-quick-start.html Cisco ASA 5508-X and ASA 5516-X Quick Start Guide http:// www.cisco.com/c/en/us/td/docs/security/asa/quick start/55 08X/5508x-quick-start.html Restore backup for ASA using ASDM Restoring Configurations http:// www.cisco.com/c/en/us/td/docs/security/asa/asa83/asdm6 3/configuration guide/config/admin swconfig.html#wp124 4402 Restore Firepower module if on-box managed Provision network settings to Firepower module ciscoasa# session sfr console configure network ipv4 manual ipaddr netmask gw
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Assign management IP address on the new FTD Re-host licenses Restore the previously taken backup Replace device
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Product License Registration http://www.cisco.com/go/license FTD uses smart licenses and a token will be required to be downloaded from Cisco Smart Software Manager
Collect important information from existing device Download installer files for required version Re-image new device to the required version Restore configuration Re-host licenses Replace device Connect cables according to the network diagram Delete old FirePOWER module/FTD from FirePOWER Management Center GUI Device Device management Delete device. Add the FirePOWER module/FTD in the new device to the Management Center configure manager add fmcIP regkey Deploy policies to the device Verify connection events indicating correct functionality of the FirePOWER module.
FirePOWE R Kaustubh Vajarkar Cisco FirePOWER TAC Engineer YOU THANK
