Skip to content

FirePower

Cisco ASA 5508-X FirePower Threat Defense Appliance Reimage

Recently I was given a Cisco ASA 5508-X Firepower Threat Defense appliance to deploy. While these are the same hardware platform as the tried-true Cisco ASA 5508 firewalls, these run Cisco’s new ‘unified’ SourceFire linux based operating system (asa-ftd), which is essentially an operating system combining the SourceFire FirePower functionality with Cisco’s conventional firewalling capabilities. It’s Cisco’s new direction for combining these two platforms in to one hardware solution.

Without getting in to uber nerd verbosity, after unboxing the new unit and attempting to patch the OS to a new upgrade (version 6.0.2 -> 6.2.2), I was presented with a failed upgrade due to a corrupt MySQL database. Seriously ? This is why I loved the regular Cisco ASA in the first place, minimal OS running from flash memory, upgrades typically only require putting the new firmware in place, telling the Cisco ASA to boot the new firmware and reboot. The new SourceFire OS – it’s a full blown linux OS using MySQL for its backend, sigh… Since it was a new deployment and I couldn’t repair the tables or database I figured I’d go ahead and reach out to the Cisco TAC for insight.