The module has a basic command line interface (CLI) for initial configuration and troubleshooting only. You configure the security policy on the ASA FirePOWER module using one of the following methods:

  • Firepower Management Center—Can be hosted on a separate Firepower Management Center appliance or as a virtual appliance. Previous to version 6.0, the management center was called FireSIGHT Management Center.
  • Adaptive Security Device Manager .You can manage both the ASA and the module using the on-box ASDM.

Compatibility with ASA Features

The ASA includes many advanced application inspection features, including HTTP inspection. However, the ASA FirePOWER module provides more advanced HTTP inspection than the ASA provides, as well as additional features for other applications, including monitoring and controlling application usage.

You must follow these configuration restrictions on the ASA:

  • Do not configure ASA inspection on HTTP traffic that you send to the ASA FirePOWER module.
  • Do not configure Cloud Web Security (ScanSafe) inspection on traffic that you send to the ASA FirePOWER module. If traffic matches both your Cloud Web Security and ASA FirePOWER service policies, the traffic is forwarded to the ASA FirePOWER module only. If you want to implement both services, ensure there is no overlap between the traffic matching criteria for each service.
  • Do not enable the Mobile User Security (MUS) server; it is not compatible with the ASA FirePOWER module.

Other application inspections on the ASA are compatible with the ASA FirePOWER module, including the default inspections.