cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
804
Views
0
Helpful
1
Replies

ASA-5545X-IPS Licenses and SSM / SSP Module

usman ali dar
Level 1
Level 1

hey,

i am trying to understand about the Licenses for the IPS for our firewalls.

we have 2x firewalls both are 5545-X with 8GE standard Configurations. we are planning to configure them in A/A A/S configurations and configure 2 context for different services.

please correct me here i now i need 2x Software Licenses for my Both Firewalls to support IPS Features and that's it no more hardware to add 

like SSM or SSP ? 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

The current "IPS" type for Cisco ASAs is the FirePOWER service module. You will see it as module type "sfr" (from the Sourcefire acquisition) when looking at the command line interface (i.e., "show module" command).

The sfr module does require the SSD drive be installed on a 5545-X. You can check for it by looking at the front panel or else looking via the command "show inventory".

Assuming you have that, you do need licenses for both ASAs. The available licenses types are Control (no cost and permanent but required) and IPS, URL Filtering and Malware. The latter three can be combined in bundles and are term licenses (1-5 years).

You are also advised to run a FirePOWER Management Center to manage to configuration and reporting from the FirePOWER modules. While you can technically manage them both locally (via ASDM), any changes have to be done twice as that part of the configuration does not synchronize between the units.

View solution in original post

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

The current "IPS" type for Cisco ASAs is the FirePOWER service module. You will see it as module type "sfr" (from the Sourcefire acquisition) when looking at the command line interface (i.e., "show module" command).

The sfr module does require the SSD drive be installed on a 5545-X. You can check for it by looking at the front panel or else looking via the command "show inventory".

Assuming you have that, you do need licenses for both ASAs. The available licenses types are Control (no cost and permanent but required) and IPS, URL Filtering and Malware. The latter three can be combined in bundles and are term licenses (1-5 years).

You are also advised to run a FirePOWER Management Center to manage to configuration and reporting from the FirePOWER modules. While you can technically manage them both locally (via ASDM), any changes have to be done twice as that part of the configuration does not synchronize between the units.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: