I'm looking into Cisco 2100 firewalls and I need it to have a TAMC license, but I'm unable to find this kind of license that would enable IPS functionality. I'm only able to select TMC license, which does not include IPS functionality.
The documentation states "The Cisco Firepower 2100 Series appliances can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS)" so I guess it should support IPS.
TAMC basically covers everything. For the IPS only feature, we only require TA license.
Please refer to the below screenshot and the link:
And IPS license TA can be individually installed without any prior license addition.
If you install 2100 as FPWR then you won't be able to install IPS features, that will basically convert it into ASA. For all the features like IPS, ASA, Malware, and URL filtering, use it in NGIPS mode.
Hi @Ajay Saini
I need to use it with all the licenses (TAMC).
Question is how do I use it in NGIPS mode?
If I select top Part number: FPR2130-BUN then I only have two options to select for hardware:
(see the attached screenshot).
So no option for NGIPS.
If on the other hand I select FPR4110-BUN as top part number then there is an option to add FPR4110-NGIPS-K9 as hardware.
Hence my question here: Is NGIPS mode supported on 2100 series (like the documentation says it is) or is it only available on the 4100 series?
NGIPS mode is definitely supported, I have a 2140 HA pair configured and working as NGIPS with all the features. Out of 2, you should order FPR2130-NGFW-K9. This will run FTD image vs an ASA image which runs on FPR2130-ASA-K9.
Hi @Ajay Saini
If I select FPR2130-NGFW-K9 as the hardware then under subscription I only have these options:
- L-FPR2130T-T= - Threat Defense Threat Protection License
- L-FPR2130T-TM= - Threat Defense Threat and Malware License
- L-FPR2130T-TC= - Threat Defense Threat and URL License
- L-FPR2130T-TMC= - Threat Defense Threat, Malware and URL License
(See attached screenshot)
So no option for IPS?
Which one of the licenses would cover everything (IPS, Malware, URL filtering)?
Thank you very much for clearing that up. It's definitely confusing.
And what about management? The devices should be managed through a regular Firepower management server right? Are additional licenses required for this (for the management through a Firepower management server)?
Can the same firepower management server manage ASA 5545 with firepower and 2100 firewalls?
FMC will manage only firepower portion of the ASA, not the complete ASA. Unlike ASDM, FMC will only manage the firepower components. Also, if you have sufficient licenses and memory available, you should be able to manage multiple devices using same FMC. So, you should be able to manage ASA 5545 Firepower and 2130 devices (provided license is sufficient).
License is required for FMC to be able to manage sensors (devices). For example, Virtual FMC can manage 2, 10 or 25 devices based on the license added:
Of course all the licenses are added to the FMC (FMC and device licenses) once it is installed.
Yes, I'm aware that you buy an FMC with a certain amount of licenses for the number of the devices that it should manage.
What I meant was are some licenses required on the 2100 so that it can be managed by an FMC? Like connect license?
No specific license is needed on 2100 or any other device to be managed by FMC.
The only license required is the FMC license wherein we define the number of devices that can be managed.