Converting Cisco Firepower from Platform mode to Appliance mode. Full ASA Backup with ASDM
This article explains how to configure a Cisco Firepower 2100 series device to operate in Appliance mode. We’ll show you how to switch from Platform mode to Appliance mode and how the device will automatically convert and retain your ASA configuration.
Before performing the conversion, its important to obtain a full backup of the Firepower system and therefore also cover how to backup your Cisco Firepower appliance configuration, certificates, VPN configuration(including pre-shared keys), VPN profiles and more, using the Cisco Adaptive Security Device Manager (ASDM).
Key Topics:
- Cisco Firepower Platform and Appliance Mode
- How to Backup Cisco ASA using ASDM
- Converting Firepower from Platform to Appliance Mode
- Summary
More in-depth technical articles can be found in our Cisco Firewall section.
Cisco Firepower Platform and Appliance Mode
The Cisco Firepower 2100 series operates on an underlying system called FXOS. You can run the Firepower 2100 for ASA in two modes:
- Platform Mode: In this mode, you need to configure basic operating parameters and hardware interface settings within FXOS. This includes tasks like enabling interfaces, setting up EtherChannels, managing NTP, and handling image management. You can use either the chassis manager web interface or the FXOS CLI for these configurations. Afterward, you can set up your security policy in the ASA operating system using ASDM or the ASA CLI.
- Appliance Mode (Default): This mode allows you to configure all settings directly in the ASA. Only advanced troubleshooting commands are available through the FXOS CLI in this mode. Appliance mode is similar to how the old ASA Firewalls (5500 series) ran when the FXOS didn’t exist.
The Management 1/1 interface is used to manage the Firepower device. The interface is configured with two IP addresses, one for the FXOS and one for the ASA. When changing to Appliance mode, the FXOS IP address is lost and will need to be reconfigured, however you can connect to the FXOS directly from the ASA software using the following command: