Skip to main content

 

 

Cisco Defense Orchestrator

Onboard an ASA FirePOWER Module

Prerequisite

Before onboarding an ASA FirePOWER module, you will need the right kind of SDC to manage it. Consider these three types of ASA FirePOWER module deployments:

  • If the ASA's management interface uses a public IP address and the ASA FirePOWER module's management interface uses a public IP address, then you can manage the ASA FirePOWER module with Cisco Defense Orchestrator in the cloud.

  • If the ASA's management interface uses a private IP address and the ASA FirePOWER services module's management interface uses private IP addresses, then you must use an on-premise Secure Device Connector to manage the device. See Deploying an On-Prem CDO Secure Device Connector (SDC) for more information.

  • If the ASA's management interface has a public address and the ASA FirePOWER module's management interface uses a private IP address, you will need to create a NAT rule to connect the two interfaces. In this case, use the Enabling FirePOWER Services on your ASA procedure.

Procedure 

  1. Onboard the ASA running the ASA FirePOWER module using the Onboarding Devices and Services procedure. If the ASA FirePOWER module is installed on an ASA running in multi-context mode, onboard the ASA in the admin context.
  2. In CDO, click Devices & Services, and select the ASA you just onboarded. If the ASA is in multi-context mode, select the IP address for the admin context.
  3. Click the Enable FirePOWER button button in the details pane.
  4. In the Connect to Device dialog, provide a username and password of an ASA user. If the ASA is in multi-context mode, choose a user with system administrator privileges, level 15. When the ASA is running in multi-context mode, you need the user you choose to have system administrator privileges in order to switch from the admin context to system context.
  5. Click Connnect.
  6. Apply a label if you want and click Finish
  • Was this article helpful?