Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
5
Helpful
1
Replies

Firepower licensing & configuration made easy

wwwww
Level 1
Level 1

‎04-12-2018 08:19 AM - edited ‎02-21-2020 07:37 AM

I would think this would be reasonably easy, but could not find the simple explanation for how to accomplish getting an ASA 5506-x w/Firepower running and licensed, specifically how it works (or if it needs to) with Cisco Firepower Management Center. I am completely lost and have read some getting started guides, but they seem to make assumptions about knowledge or existing installations that I am just finding myself frustrated and not wishing to pour literal hours into this. 

 

I have purchased the 5506 and have a URL Filtering and Malware license installed and it says it never expires, but (IPS Term Subscription is still required for IPS). I am assuming that means I need to purchase an IPS license. Would either the  L-ASA5506-TAMC-1Y or L-ASA5506-TA-1Y work, with the difference being services offered, where TAMC also has Apps, AMP and URL? Then is it just a matter of installing the license and we are good to go after configuring the Policies, or do we need CFMC?

 

The other question is how does Cisco Firepower Management Center work with this? Is it built into the ASA 5506-x w/Firepower, or is it a stand alone, web based, or need an OS to host? Does it need CFMC at all? If so, is there a cost associated with it?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

dlf
Level 1
Level 1

‎04-13-2018 05:31 AM

From:

Firepower Management Center Configuration Guide, Version 6.2.2

 

 

Your purchase of a managed device that uses Classic Licenses automatically includes Control and Protection licenses. 
These licenses are perpetual, but you must also purchase a TA service subscription to enable system updates. 
Service subscriptions for additional features are optional.

The PAK that came with the device is used to license the Control and Protection features. The additional TA-subscription is needed to receive the updates for the Snort-engine.

The higher-up services do rely on the Control and Protection features.

 

 

My understanding is that FMC (physical or virtual appliance) is mandatory only if you're running the FTD-image or want to manage multiple ASAs from a central location.

An ASA 5506-x with FirePOWER module running the ASA-image can be managed via ASDM.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card