
Firewall + IPS + CX on ASA5512-X ?

susanto.liu
Level 1

Dear All Master

Is it possible for the ASA5512-X to include Firewall + IPS + Context-Aware in a single box?

If possible, should we buy "ASA5512-IPS-K9" + "ASA5512-AW1Y-PR="?

To enable Context-Aware on the ASA5512-X, do we need to buy PRSM (Prime Security Manager)?

Thanks,

Susanto

14 Replies

Julio Carvajal
VIP Alumni

Hello,

Both of them are software based, but I would say that the ASA would only support one at a time.

I heard that at some point the CX would have IPS capabilities.

Regards,

Julio Carvajal

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi jcarvaja,

Thanks for your support.

OK, I see.

One more question:

To enable Context-Aware on the ASA5512-X, do we need to buy PRSM (Prime Security Manager)?

Regards,

Susanto

Hello,

Nope, it came built into the Cisco ASA CX box...

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

I see that this post is two years old.

Do you know if there is now any possibility of having both IPS and CX working at the same time?

I have an ASA 5512-X too.

Thanks in advance.

Best regards!

ysantizo1,

Please see the posts later on in this thread past the initial question and answer.

Cisco did add basic IPS functionality and associated licensing to the CX module in December 2013.

However, the end-of-sales for the entire product has since been announced. You can technically purchase the IPS license through 17 August 2015 but you will be discouraged from doing so as it will not be enhanced going forward.

The replacement product is the FirePOWER Service module, based on technology from the Sourcefire acquisition. That is a much more capable and powerful solution. The CX software module can be re-imaged to a FirePOWER module ("sfr") and then licensed and configured from a FireSIGHT Management Center.

That is Cisco's strategic product direction moving forward. As noted in the End of Sales document:

"Customers are encouraged to migrate from Cisco ASA CX Context-Aware Security to Cisco ASA with FirePOWER Services. Information about this product can be found at: 
http://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html."

Marvin Rhoads
Hall of Fame

Hi Susanto,

Julio is correct - as of now you can run CX or IPS but not both. That may change in the future.

With regard to PRSM, each ASA CX comes pre-installed with an “on-box” version of PRSM that can be used to manage a single CX module. This version does not require a separate license. It has limited storage available for event logging and reporting purposes. In all but the most trivial CX deployments, it is recommended that customers procure PRSM central management solution.

The centralized off-box solution is available as a VM (5, 10, or 25 device version) or as a physical appliance.


Hi jcarvaja and Marvin,

Thank You

Now, it's clear.

See you Pal

Hi Marvin,

With the ASA firewall devices 5545-X, 5555-X or 5585-X, is it possible to include Firewall + IPS + Context Aware in a single box?

rgds,

Charis

Charis,

You cannot combine the IPS and Context Aware features on any of the ASA platforms at this time.

Are IPS and Context Aware features not yet supported on any of the ASA platforms at this time?

The new release 9.2 talks about support for IPS filtering:

http://www.cisco.com/en/US/partner/docs/security/asacx/roadmap/asacxprsm_new_features.html

• Next Generation IPS filtering, including automatic signature updates, global settings, dashboards, events, and reporting. You configure IPS filtering directly in access policies. Next Generation IPS filtering is a separately-licensed service; the device includes an evaluation license.

Boy, it's not so clear...

The ASA CX and PRSM 9.2 (just released last week) adds the ability to run NGFW IPS with the other CX functions (AVC and WSE).

It's not the exact same IPS product as the traditional Cisco IPS appliance (or module) but more threat-based vs. signature-based.

It does require an IPS license for the CX.

Dear Marvin,

Based on your post, I believe if we quote:

"ASA5515-SSD120-K9" with "ASA5525-AI1Y" OR "ASA5525-AWI1Y"

then CX and IPS features will be readily available within the same box.

Regards,

Farhan.

Farhan,

Yes that is correct. The exact order would also include the service contract line item for the base ASA as it is a prerequisite for the subscription services. If you use Cisco Commerce Workspace (CCW) as a partner this will be automatically included.

You also have the option of quoting 3-year and 5-year subscriptions. They are discounted when purchased up front that way.

 

Dear Marvin,

Yes sure, SMARTNET is a must when procuring subscription services.

Thanks for clearing that up. Now I will tell our clients to go for ASA NGN Firewalls since it has the features to become a robust security solution.

Regards,

Farhan.
