Introduction to FXOS for Firepower 2100 ASA Platform Mode

The Firepower 2100 is a single-application appliance for the Secure Firewall ASA. The Firepower 2100 runs an underlying operating system called the Secure Firewall eXtensible Operating System (FXOS).

You can run the Firepower 2100 in the following modes:

  • Appliance mode (the default)—Appliance mode lets you configure all settings in the ASA. Only advanced troubleshooting commands are available from the FXOS CLI.

  • Platform mode—When in Platform mode, you must configure basic operating parameters and hardware interface settings in FXOS. These settings include enabling interfaces, establishing EtherChannels, NTP, image management, and more. You can use the Secure Firewall Chassis Manager (formerly Firepower Chassis Manager) web interface or FXOS CLI. You can then configure your security policy in the ASA operating system using Adaptive Security Device Manager (ASDM) or the ASA CLI.

This guide describes the available FXOS settings for Platform Mode only.

ASA and FXOS Management

The ASA and FXOS operating systems share the Management 1/1 interface. This interface has separate IP addresses for connecting to ASA and to FXOS.


Note

This interface is called Management 1/1 in the ASA; in FXOS, you might see it displayed as MGMT, management0, or other similar names. This guide refers to this interface as Management 1/1 for consistency and simplicity.

Some functions must be monitored on FXOS and others on the ASA, so you need to make use of both operating systems for ongoing maintenance. For initial configuration on FXOS, you can connect to the default 192.168.45.45 IP address using SSH or your browser (https://192.168.45.45).

For initial configuration of the ASA, you can connect using ASDM to https://192.168.45.1/admin. In ASDM, you can later configure SSH access from any interface.

Both operating systems are available from the console port. Initial connection accesses the FXOS CLI. You can access the ASA CLI using the connect asa command.

You can also allow FXOS management from ASA data interfaces; configure SSH, HTTPS, and SNMP access. This feature is useful for remote management.

Unsupported Features

The following FXOS features are not supported on the Firepower 2100:

  • Backup and restore FXOS configuration

  • External AAA Authentication for FXOS

    Note that when you connect to the ASA console from FXOS (connect asa ), then ASA AAA configuration for console access applies (aaa authentication serial console ).