In the centralized management model, enterprise customers can manage multiple FirePOWER installs through a single management console. Before Cisco’s acquisition, Sourcefire called it Defense Center. Cisco has also called it FireSIGHT Management Console. This post covers how to configure and manage the ASA FirePOWER module using the Management Center. Follow the steps below to register a FirePOWER install with the Management Center.
Configure and Manage ASA FirePOWER Module using Management Center
Step 1: Log in to the ASA through the CLI over a console or SSH session.
You must log in with a user account that has privilege level 15.
Step 2: Session to the FirePOWER module and complete basic configuration
ASA1# session sfr
Default username / password: admin / Sourcefire
The first time you access the FirePOWER module, you are prompted for basic configuration parameters. Complete the system configuration wizard as prompted.
Step 3: Register the FirePOWER module to a FirePOWER Management Center
> configure manager add Mgmt_Centr_IP reg_key
Mgmt_Centr_IP is the Management Center’s IP address. Make sure it is reachable from the FirePOWER’s management IP.
reg_key is a secret key that is shared between the Management Center and the FirePOWER install. For example,
> configure manager add 172.31.16.125 mysecretekey
Manager successfully configured.
Note that the FirePOWER module does not validate that it can reach or register with the Management Center when you enter this command. If you made a mistake, delete the configuration and enter it again.
> configure manager delete
Manager successfully deleted.
That’s all you need to do on the FirePOWER module.
Step 4: Add FirePOWER sensor in Management Console
Log in to the Management Center and navigate to Devices – Device Management – Add Device.
Enter the FirePOWER module’s IP address and the shared registration key. Click Register.
If the registration succeeds, you should see the newly registered FirePOWER sensor in the device list. If it fails, make sure that the Management Center can reach the FirePOWER management IP and vice versa.
Step 5: Add FirePOWER feature licenses in Management Center
In the Management Center, go to System – Licenses and click Add New License. Follow the same license activation procedure outlined earlier.
Step 6: Apply licenses to the newly installed FirePOWER module
The Management Center acts as a license repository that manages all the licenses in an organization. A license can be applied to one compatible FirePOWER module at a time. Once the license is used on a FirePOWER module, you may not reuse it on a different module.
To apply the installed licenses to a FirePOWER module, go to Devices – Device Management and click on License. If you have unused and compatible licenses available, you can check the boxes to activate the feature.
The above example indicates that only a Protection license is available and that it has been applied to this device.
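Because Step 3 accepts the manager address and key without validating them, a preflight run from a host on the management network can catch typos and unreachable addresses before you type the command. The script below is an added example, not part of the original post or of any Cisco tooling; it assumes the management channel uses TCP 8305 and that registration keys are limited to 37 alphanumeric or hyphen characters, and its function names are hypothetical.

```python
import ipaddress
import re
import secrets
import socket
import string

# Assumption: device <-> Management Center traffic uses TCP 8305 by default.
SFTUNNEL_PORT = 8305
# Assumption: keys are 1-37 characters of A-Z, a-z, 0-9 or hyphen.
KEY_RE = re.compile(r"[A-Za-z0-9-]{1,37}")


def new_reg_key(length=32):
    """Generate a random registration key instead of a guessable word."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def tcp_reachable(host, port=SFTUNNEL_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_register_command(mgmt_center_ip, reg_key):
    """Validate both arguments and return the CLI line used in Step 3."""
    ip = ipaddress.ip_address(mgmt_center_ip)  # raises ValueError on a typo
    if not KEY_RE.fullmatch(reg_key):
        raise ValueError("registration key must be 1-37 chars of A-Z, a-z, 0-9 or '-'")
    return f"configure manager add {ip} {reg_key}"


if __name__ == "__main__":
    mc_ip = "172.31.16.125"  # Management Center address from the Step 3 example
    key = new_reg_key()
    print(build_register_command(mc_ip, key))
    if not tcp_reachable(mc_ip):
        print(f"warning: {mc_ip}:{SFTUNNEL_PORT} is not reachable from this host")
```

A successful check from a workstation only shows that the path from that host is open; the FirePOWER management interface still needs its own route to the Management Center.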
FirePOWER Code Update and Rule Update
It is good practice to periodically check for and install software updates and security patches. As with anti-virus signature updates, FirePOWER’s rule database also needs to be updated as soon as new rules are released.
Run updates in FirePOWER Management Center
One of the benefits of the centralized management model is that you only need to download the updates once and can then push them to all compatible FirePOWER modules in the field. To download updates, go to System – Updates. Click the Download updates button in the lower right corner to have the Management Center contact the Cisco update center and pull all applicable updates. You can then choose which ones you want to install.
To install an update, click the install icon and select the FirePOWER modules you want to push the update to.
Major software updates require a reboot of the FirePOWER module. It is recommended to perform the update during a maintenance window.
If you are looking for a best-practice baseline configuration of the ASA 5506-X before moving on to setting up the FirePOWER module, please read: Basic Cisco ASA 5506-x Configuration Example, or download the configuration template for free.