03-06-2013 01:33 AM - edited 03-11-2019 06:10 PM
Dear All Master
Is it possible for the ASA5512-X to include Firewall + IPS + Context-Aware in a single box?
If possible, do we buy "ASA5512-IPS-K9" + "ASA5512-AW1Y-PR="?
To enable Context-Aware on the ASA5512-X, do we need to buy PRSM (Prime Security Manager)?
Thanks,
Susanto
03-06-2013 08:46 AM
Hello,
Both of them are software based, but I would say that the ASA would only support one at a time.
I heard that in a moment the CX would have IPS capabilities.
Regards,
Julio Carvajal
03-06-2013 05:28 PM
Hi jcarvaja,
Thanks for your support.
OK, I see.
One more question:
To enable Context-Aware on the ASA5512-X, do we need to buy PRSM (Prime Security Manager)?
Regards,
Susanto
03-06-2013 08:17 PM
Hello,
Nope, it came built in to the Cisco ASA CX box...
Regards,
05-27-2015 03:32 PM
Hi Julio
I see that this post is two years old.
Do you know if there is now any possibility of having both IPS and CX working at the same time?
I have an ASA 5512-x too.
Thanks in advance.
Best regards!
05-27-2015 07:06 PM
ysantizo1,
Please see the posts later on in this thread past the initial question and answer.
Cisco did add basic IPS functionality and associated licensing to the CX module in December 2013.
However, the end-of-sales for the entire product has since been announced. You can technically purchase the IPS license through 17 August 2015 but you will be discouraged from doing so as it will not be enhanced going forward.
The replacement product is the FirePOWER Service module, based on technology from the Sourcefire acquisition. That is a much more capable and powerful solution. The CX software module can be re-imaged to a FirePOWER module ("sfr") and then licensed and configured from a FireSIGHT Management Center.
That is Cisco's strategic product direction moving forward. As noted in the End of Sales document:
"Customers are encouraged to migrate from Cisco ASA CX Context-Aware Security to Cisco ASA with FirePOWER Services. Information about this product can be found at:
http://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html."
03-06-2013 08:21 PM
Hi Susanto,
Julio is correct - as of now you can run CX or IPS but not both. That may change in the future.
With regard to PRSM, each ASA CX comes pre-installed with an “on-box” version of PRSM that can be used to manage a single CX module. This version does not require a separate license. It has limited storage available for event logging and reporting purposes. In all but the most trivial CX deployments, it is recommended that customers procure the PRSM central management solution.
The centralized off-box solution is available as a VM (5, 10, or 25 device version) or as a physical appliance.
03-06-2013 08:40 PM
Hi
jcarvaja and Marvin,
Thank You
Now, it's clear.
See you Pal
03-06-2013 11:03 PM
Hi Marvin,
For the ASA firewall devices 5545-X, 5555-X or 5585-X, is it possible to include Firewall + IPS + Context Aware in a single box?
rgds,
Charis
03-07-2013 06:04 AM
Charis,
You cannot combine the IPS and Context Aware features on any of the ASA platforms at this time.
10-23-2013 08:33 AM
Are the IPS and Context Aware features not yet supported on any of the ASA platforms at this time?
The new release 9.2 talks about support for IPS filtering:
http://www.cisco.com/en/US/partner/docs/security/asacx/roadmap/asacxprsm_new_features.html
•Next Generation IPS filtering, including automatic signature updates, global settings, dashboards, events, and reporting. You configure IPS filtering directly in access policies. Next Generation IPS filtering is a separately-licensed service; the device includes an evaluation license.
Boy, it's not so clear.
10-23-2013 09:55 AM
The ASA CX and PRSM 9.2 (just released last week) adds the ability to run NGFW IPS with the other CX functions (AVC and WSE).
It's not the exact same IPS product as the traditional Cisco IPS appliance (or module) but more threat-based vs. signature-based.
It does require an IPS license for the CX.
04-13-2014 11:00 PM
Dear Marvin,
Based on your post, I believe if we quote:
"ASA5515-SSD120-K9" with "ASA5525-AI1Y" OR "ASA5525-AWI1Y"
then CX and IPS features will be readily available within the same box.
Regards,
Farhan.
04-14-2014 04:54 AM
Farhan,
Yes that is correct. The exact order would also include the service contract line item for the base ASA as it is a prerequisite for the subscription services. If you use Cisco Commerce Workspace (CCW) as a partner this will be automatically included.
You also have the option of quoting 3-year and 5-year subscriptions. They are discounted when purchased up front that way.
04-14-2014 10:30 PM
Dear Marvin,
Yes sure, SMARTNET is a must when procuring subscription services.
Thanks for clearing that up. Now I will tell our clients to go for ASA NGN Firewalls since it has the features to become a robust security solution.
Regards,
Farhan.