16-16
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 16 ASA FirePOWER (SFR) Module
Configure the ASA FirePOWER Module
Enter an IPv4 address for the management interface [192.168.45.45]:
10.86.118.3
Enter an IPv4 netmask for the management interface [255.255.255.0]:
255.255.252.0
Enter the IPv4 default gateway for the management interface []:
10.86.116.1
Enter a fully qualified hostname for this system [Sourcefire3D]:
asasfr.example.com
Enter a comma-separated list of DNS servers or 'none' []:
10.100.10.15,
10.120.10.14
Enter a comma-separated list of search domains or 'none' [example.net]:
example.com
If your networking information has changed, you will need to reconnect.
For HTTP Proxy configuration, run 'configure network http-proxy'
(Wait for the system to reconfigure itself.)
This sensor must be managed by a Defense Center. A unique alphanumeric
registration key is always required. In most cases, to register a sensor
to a Defense Center, you must provide the hostname or the IP address along
with the registration key.
'configure manager add [hostname | ip address ] [registration key ]'
However, if the sensor and the Defense Center are separated by a NAT device,
you must enter a unique NAT ID, along with the unique registration key.
'configure manager add DONTRESOLVE [registration key ] [ NAT ID ]'
Later, using the web interface on the Defense Center, you must use the same
registration key and, if necessary, the same NAT ID when you add this
sensor to the Defense Center.
Step 4
(Optional for 5506-X.)
Now you must identify the FireSIGHT Management Center that will manage
this device, as explained in
Add ASA FirePOWER to the FireSIGHT Management Center, page 16-16
.
Add ASA FirePOWER to the FireSIGHT Management Center
FireSIGHT Management Center, also known as Defense Center, is a separate server that manages
multiple FirePOWER devices for the same or different models. FireSIGHT Management Center is ideal
for managing large deployments, providing configuration consistency across your devices and efficiency
in traffic analysis.
For ASA 5512-X through 5585-X, you must register the module to a FireSIGHT Management Center.
There is no other way to configure the module.
For ASA 5506-X, FireSIGHT Management Center is optional. If you do not configure one, you use
ASDM to configure the ASA FirePOWER policy. There is no CLI for policy configuration, you must
use ASDM or FireSIGHT Management Center.
To register a device, use the
configure manager add
command. A unique alphanumeric registration key
is always required to register a device to a FireSIGHT Management Center. This is a simple key that you
specify, and is not the same as a license key.
In most cases, you must provide the FireSIGHT Management Center’s hostname or the IP address along
with the registration key, for example:
configure manager add DC.example.com my_reg_key
However, if the device and the FireSIGHT Management Center are separated by a NAT device, enter a
unique NAT ID along with the registration key, and specify DONTRESOLVE instead of the hostname,
for example:
configure manager add DONTRESOLVE my_reg_key my_nat_id
Summary of Contents for ASA 5512-X
Page 5: ...P A R T 1 Service Policies and Access Control ...
Page 6: ......
Page 51: ...P A R T 2 Network Address Translation ...
Page 52: ......
Page 127: ...P A R T 3 Application Inspection ...
Page 128: ......
Page 255: ...P A R T 4 Connection Settings and Quality of Service ...
Page 256: ......
Page 303: ...P A R T 5 Advanced Network Protection ...
Page 304: ......
Page 339: ...P A R T 6 ASA Modules ...
Page 340: ......