I was very excited when FirePOWER 6.0 came out with support for Adaptive Security Device Manager (ASDM). ASDM complements the CLI greatly on ASA from the configuration, management, and troubleshooting perspective, so I was expecting the same for FirePOWER.
Components:
Cisco FirePOWER: 6.0
Take note of the following requirements and limitations:
- Managing FirePOWER sensor from Management Center disables ASDM access. Documentation is not clear on that and the error you get is not very descriptive.
- Do not use ASA Management port for ASA management. Remove IP address, nameif, and security level from Management interface.
- Do put ASA management interface (or whichever interface is used to manage ASA) and FirePOWER management interface on the same subnet.
- ASA and ASDM code have to be at a certain level based on FirePOWER version.
- An ASDM Identity certificate needs to be created and imported into the computer's Java settings for ASDM to connect to FirePOWER.
- ASDM does not work with FirePOWER on Windows 10 and the latest Java version. The following error will be displayed: “ASDM was unable to load the firewall’s configuration”. The error is related to Cisco Bug ID CSCuw54048. The workaround is to use Windows 7 or downgrade to Java 8u51.
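The two interface requirements in the list above (nothing configured on the Management port, and the ASA management interface on the same subnet as the FirePOWER management address) can be checked against a saved running-config. The following is an added example, not part of the original post; the interface names, the `inside` nameif, and all addresses are constructed sample values.

```python
import ipaddress
import re

# Constructed sample of ASA interface config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Management1/1
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def check(config, asa_mgmt_nameif, firepower_mgmt_ip):
    """Return findings; an empty list means both requirements are met."""
    findings, mgmt_net = [], None
    for name, cmds in parse_interfaces(config).items():
        # Requirement: the Management port carries no nameif, level or IP.
        if name.lower().startswith("management"):
            bad = ("nameif ", "security-level ", "ip address ")
            findings += [f"{name}: remove '{c}'" for c in cmds if c.startswith(bad)]
        # Requirement: ASA management interface shares a subnet with FirePOWER.
        if f"nameif {asa_mgmt_nameif}" in cmds:
            for c in cmds:
                m = re.match(r"ip address ([\d.]+) ([\d.]+)", c)
                if m:
                    mgmt_net = ipaddress.ip_interface("/".join(m.groups())).network
    if mgmt_net is None:
        findings.append(f"no addressed interface with nameif {asa_mgmt_nameif}")
    elif ipaddress.ip_address(firepower_mgmt_ip) not in mgmt_net:
        findings.append(f"FirePOWER {firepower_mgmt_ip} is outside {mgmt_net}")
    return findings
```

Calling `check(SAMPLE_CONFIG, "inside", "192.168.10.2")` on the constructed sample reports the three commands still present on `Management1/1`.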
After all the steps I finally had access to the sensor from ASDM. I found a few useful features.
The FirePOWER Dashboard has information on CPU usage, the latest Rule/VDB updates, and uptime, which is very convenient for troubleshooting.
ASDM FirePOWER Syslog is a nice addition, even though you can do the same with “tail -f” from CLI expert mode.
These features are nice, but after all, I’m back to managing and monitoring sensors with Management Center and leveraging the CLI for any advanced troubleshooting. ASDM was a good idea, but unfortunately, it will not work in the enterprise environment.



