Scenario:
Make: Cisco
Model: Cisco ASA 5508-X, 5506-X, 5506W-X, 5508-X series
Version: 7.0.1-84
Description: This article gives a step-by-step method for shutting down the SFR (FirePower) module of Cisco ASA firewalls.
Introduction
If you run Cisco ASA firewalls with FirePower, at some point you will probably need to shut down the SFR or FirePower module without any downtime. The module can be shut down without taking the ASA down or causing downtime. The FirePower or SFR module can be set up locally or at a remote site, and it can be added to FMC (FirePower Management Center), Cisco's centralized management system. This article assumes the FirePower or SFR module has been fully set up and the FirePower licences are activated.
Steps to Shut down Module
Step1: SSH onto ASA
SSH onto the ASA. SSH access can be configured on the ASA via the CLI.
Step2: Login to ASA
Log in to the ASA. If you are logging in to the SFR or FirePower module for the first time, use the FirePower default username and password. You can change or reset the SFR/FirePower password whenever needed.
login as: admin
WARNING!
Access to this device is restricted to authorized personel of edledge team only. If you are not an
authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the
fullest extent of the law.
edledge-asa's password: edledge.com
User admin logged in to edledge-asa
Logins over the last 7 days: 353. Last login: 04:00:14 EST Jan 3 2022 from 10.0.1.2
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
edledge-asa> en
Password: ************
edledge-asa#
Step3: Confirm Status
Confirm the ASA SFR or FirePower module’s current status by executing the command shown below.
edledge-asa# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ --
1 ASA 5508-X with FirePOWER services, 8GE, AC, ASA5508 JAD12345678
sfr FirePOWER Services Software Module ASA5508 JAD12345678
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ -------
1 f4db.3738.3738 to f4db.3738.3738 3.2 1.1.13 9.13(1)10
sfr f4db.3738.3738 to f4db.3738.3738 N/A N/A 6.0.0-1005
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- -------------------
sfr ASA FirePOWER Up 6.0.0-1005
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
1 Up Sys Not Applicable
sfr Up Up
Step4: Shutdown Module
Execute the command as shown below to shut down the SFR or FirePower module.
edledge-asa# sw-module module sfr shutdown
Shutdown module sfr? [confirm] [Press Enter Here]
Shutdown issued for module sfr.
edledge-asa#
Step5: Confirmation
The status of the SFR module will change from “shutting down” to “Down” as shown below.
edledge-asa# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ --
1 ASA 5508-X with FirePOWER services, 8GE, AC, ASA5508 JAD12345678
sfr FirePOWER Services Software Module ASA5508 JAD12345678
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ -------
1 f4db.3738.3738 to f4db.3738.3738 3.2 1.1.13 9.13(1)10
sfr f4db.3738.3738 to f4db.3738.3738 N/A N/A 6.0.0-1005
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- -------------------
sfr ASA FirePOWER Up 6.0.0-1005
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Shutting Down Not Applicable
**************************************************************************************
**************************************************************************************
edledge-asa# sh module
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ --
1 ASA 5508-X with FirePOWER services, 8GE, AC, ASA5508 JAD12345678
sfr FirePOWER Services Software Module ASA5508 JAD12345678
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ -------
1 f4db.3738.3738 to f4db.3738.3738 3.2 1.1.13 9.13(1)10
sfr f4db.3738.3738 to f4db.3738.3738 N/A N/A 6.0.0-1005
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- -------------------
sfr ASA FirePOWER Up 6.0.0-1005
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
sfr Down Not Applicable
When you are done with your activity, you can recover the SFR module.
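A pre-check and status check for the procedure above, as an added example that is not part of the original article. Whether traffic keeps flowing while the module is down depends on the `sfr fail-open` / `sfr fail-close` setting in the service policy, so the script lists the classes set to fail-close (the ASA drops their traffic while the module is unavailable; fail-open classes pass without FirePOWER inspection) and reads the sfr state from `sh module` output. The sample configuration, class names and output below are constructed.

```python
import re

# Constructed samples (not captured from a real device); class names are hypothetical.
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns
 class sfr-inside
  sfr fail-open
 class sfr-dmz
  sfr fail-close
"""

SAMPLE_SHOW_MODULE = """\
Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- -----------------------
 sfr ASA FirePOWER                  Up               6.0.0-1005

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   1 Up Sys             Not Applicable
 sfr Shutting Down      Not Applicable
"""

def sfr_redirects(config):
    """Return [(class_name, failure_mode)] for every class that redirects to sfr."""
    found, current = [], None
    for line in config.splitlines():
        m = re.match(r"\s*class\s+(\S+)", line)   # 'class-map' lines do not match
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*sfr\s+(fail-open|fail-close)\b", line)
        if m and current:
            found.append((current, m.group(1)))
    return found

def blocking_classes(config):
    """Classes whose traffic the ASA drops while the module is down."""
    return [name for name, mode in sfr_redirects(config) if mode == "fail-close"]

def sfr_status(show_module):
    """Status of 'sfr' from the last table of 'sh module', or None if absent."""
    _, sep, tail = show_module.rpartition("Data Plane Status")
    if not sep:
        return None
    # Only the three states shown in this article are recognised.
    m = re.search(r"^\s*sfr\s+(Shutting Down|Down|Up)\b", tail, re.MULTILINE)
    return m.group(1) if m else None
```

Run `blocking_classes()` on the policy-map section of the running configuration before Step 4, and poll `sfr_status()` on `sh module` output until it returns `Down`.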
Source: Knowledge Base, Lab, Cisco
EA00147