Cisco ASA 5506W-X FIREPOWER Example startup-config

This example is for a new retail purchase and requires ASA version 9.7(1).

My Flash contains these 2 files: asa971-lfbff-k8.SPA and asdm-771-150.bin

The config allows SSH and ASDM access from the LAN and wireless interfaces and permits ping and traceroute via an extended ACL. It also enables Telnet on inside_1, inside_2 and wifi.

I recently received a Cisco ASA 5506W-X for a Vulnerability Assessment

Step 1: Console into the ASA device and get to the enable prompt.

Step 2: Copy and paste the pieces of the config below that you want, press CTRL^Z, then write.

Out of the box with 9.7(1), use the LAN with DHCP to surf the Internet: no config required!

Blog Post: Config Sourcefire on CLI to enable Control Panel | Reference Config: Cisco ASA-5506W-X Wireless Radio startup-config
! ASA Version 9.7(1) 
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute 
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_2
 security-level 100
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside_3
 security-level 100
interface GigabitEthernet1/5
 bridge-group 1
 nameif inside_4
 security-level 100
interface GigabitEthernet1/6
 bridge-group 1
 nameif inside_5
 security-level 100
interface GigabitEthernet1/7
 bridge-group 1
 nameif inside_6
 security-level 100
interface GigabitEthernet1/8
 bridge-group 1
 nameif inside_7
 security-level 100
interface GigabitEthernet1/9
 nameif wifi
 security-level 100
 ip address 
interface Management1/1
 no nameif
 no security-level
 no ip address
interface BVI1
 nameif inside
 security-level 100
 ip address 
ftp mode passive
dns domain-lookup inside_1
dns domain-lookup inside_2
dns domain-lookup inside_3
dns domain-lookup inside_4
dns domain-lookup inside_5
dns domain-lookup inside_6
dns domain-lookup inside_7
dns domain-lookup wifi
dns domain-lookup inside
dns server-group DefaultDNS
same-security-traffic permit inter-interface
object network obj_any1
object network obj_any2
object network obj_any3
object network obj_any4
object network obj_any5
object network obj_any6
object network obj_any7
object network obj_any_wifi
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list traceroute remark Allow traceroute
access-list traceroute extended permit icmp any any time-exceeded log 
access-list traceroute remark Allow traceroute
access-list traceroute extended permit icmp any any unreachable log 
pager lines 24
logging enable
logging buffer-size 640000
logging asdm-buffer-size 512
logging asdm notifications
logging device-id string ciscoasa
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
mtu outside 1500
mtu inside_1 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
mtu wifi 1500
ip verify reverse-path interface wifi
icmp unreachable rate-limit 10 burst-size 5
asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
object network obj_any1
 nat (inside_1,outside) dynamic interface
object network obj_any2
 nat (inside_2,outside) dynamic interface
object network obj_any3
 nat (inside_3,outside) dynamic interface
object network obj_any4
 nat (inside_4,outside) dynamic interface
object network obj_any5
 nat (inside_5,outside) dynamic interface
object network obj_any6
 nat (inside_6,outside) dynamic interface
object network obj_any7
 nat (inside_7,outside) dynamic interface
object network obj_any_wifi
 nat (wifi,outside) dynamic interface
access-group traceroute in interface outside
route outside 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
user-identity ad-agent event-timestamp-check
aaa authentication ssh console LOCAL 
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 
aaa authentication telnet console LOCAL 
aaa authorization command LOCAL 
aaa authorization http console LOCAL
http server enable
http inside_1
http inside_2
http inside_3
http inside_4
http inside_5
http inside_6
http inside_7
http wifi
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet inside_1
telnet inside_2
telnet wifi
telnet timeout 5
ssh scopy enable
ssh stricthostkeycheck
ssh inside_1
ssh inside_2
ssh wifi
ssh timeout 5
ssh key-exchange group dh-group14-sha1
console timeout 0

dhcpd dns
dhcpd domain
dhcpd address wifi
dhcpd dns interface wifi
dhcpd domain interface wifi
dhcpd enable wifi
dhcpd address inside
dhcpd dns interface inside
dhcpd domain interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address
threat-detection scanning-threat shun except ip-address
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server source outside prefer
dynamic-access-policy-record DfltAccessPolicy
class-map class_default
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
  inspect icmp 
  inspect icmp error 
 class class-default
  user-statistics accounting
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
hpm topN enable
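
Added example (not part of the original post and not Cisco tooling): a small Python audit of the management-plane lines in a startup-config like the one above. It flags Telnet listeners, management access from the wireless interface, a console that never times out, and suppressed syslog IDs; the function name audit, the wireless parameter and the SAMPLE excerpt are assumptions constructed for illustration.

```python
# Constructed excerpt of the management-plane lines in the config above
# (networks and masks are elided on the page and stay elided here).
SAMPLE = """\
 nameif outside
 nameif inside_1
 nameif inside_2
 nameif wifi
http server enable
http inside_1
http wifi
telnet inside_1
telnet inside_2
telnet wifi
telnet timeout 5
ssh inside_1
ssh wifi
ssh timeout 5
console timeout 0
no logging message 106023
no logging message 710003
"""

def audit(config, wireless="wifi"):
    """Return management-plane findings for an ASA startup-config (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    ifaces = {l.split()[1] for l in lines if l.startswith("nameif ")}
    access = {"http": [], "ssh": [], "telnet": []}
    for l in lines:
        tok = l.split()
        # "<proto> [network mask] <nameif>": only count lines ending in a real nameif,
        # which skips "http server enable", "ssh timeout 5" and similar settings.
        if tok[0] in access and tok[-1] in ifaces:
            access[tok[0]].append(tok[-1])
    findings = {}
    if access["telnet"]:  # Telnet carries credentials in cleartext
        findings["telnet_enabled"] = access["telnet"]
    exposed = sorted(p for p, names in access.items() if wireless in names)
    if exposed:  # admin services reachable from the wireless segment
        findings["mgmt_from_wireless"] = exposed
    if "console timeout 0" in lines:  # 0 disables the idle timeout
        findings["console_never_times_out"] = True
    muted = sorted(l.split()[3] for l in lines if l.startswith("no logging message "))
    if muted:  # e.g. 106023 (ACL deny) and 710003 (denied to-the-box access)
        findings["muted_syslog_ids"] = muted
    return findings

if __name__ == "__main__":
    for name, detail in audit(SAMPLE).items():
        print(f"{name}: {detail}")
```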