Cisco 5525 ASA FPWR Deployment in Datacenter

yeruel77
Level 1

Hi Team,

We bought Cisco ASA5525-FPWR-BUN (QTY=2). It will be deployed in the datacenter with connectivity to the core switches (C6807-XL) and server farm switches (WS-C3850-48T-S). Please share a valid design, deployment and configuration guide.

My design attached.

The licenses are control and IPS licenses. 

Here is BoM.

2  ASA 5525 NGFW (Qty 2)

   Part number          Description                                                            Qty
   ASA5525-FPWR-BUN     ASA 5525-X with FirePOWER Svcs. Chassis and Subs. Bundle               1
   ASA5525-FPWR-K9      ASA 5525-X with FirePOWER Services, 8GE, AC, 3DES/AES, SSD             2
   CON-3SNT-A25FPK9     3YR SNTC 8X5XNBD ASA 5525-X with FirePOWER Services, 8GE               2
   CAB-ACE              AC Power Cord (Europe), C13, CEE 7, 1.5M                               2
   SF-ASA-X-9.2.2-K8    ASA 9.2.2 Software image for ASA 5500-X Series,5585-X,ASA-SM           2
   SF-ASA-FP5.4-K9      Cisco FirePOWER Software v5.4 for ASA 5500-X                           2
   ASA5525-CTRL-LIC     Cisco ASA5525 Control License                                          2
   ASA5500X-SSD120INC   ASA 5512-X through 5555-X 120GB MLC SED SSD (Incl.)                    2
   ASA5525-MB           ASA 5525 IPS Part Number with which PCB Serial is associated           2
   ASA5500-ENCR-K9      ASA 5500 Strong Encryption License (3DES/AES)                          2
   L-ASA5525-TA=        Cisco ASA5525 FirePOWER IPS License                                    2
   L-ASA5525-TA-3Y      Cisco ASA5525 FirePOWER IPS 3YR Subscription                           2

Marvin Rhoads
Hall of Fame

The 5525-X throughput with IPS running is at best no more than 650 Mbps. That may restrict your throughput between your servers and the rest of the network.

A Firepower 2100 or 4100 series would typically be recommended for data center designs.

Thanks,

For now we purchased ASA 5525 FPWR. Can you share configuration and connectivity?

This is a community support forum - we don't build your configurations here. That would be more of a professional services engagement for which many people (myself included) make a living during their "day job".

If you have a specific question about trying to use a certain feature or technology then we are happy to help.

Otherwise please refer to the Cisco documentation on the product support page:

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html

I do also notice there is no Firepower Management Center in your bill of materials. That would be strongly recommended to manage your ASAs' FirePOWER service modules.

Hi Team, I want you to help me on this. I have a Cisco ASA 5525 with FPWR module and Firepower Management Center to deploy in the datacenter as IPS with failover active/standby.

1. How can I configure ASA with Firepower as Active/Standby?

2. If I configure the ASA in a failover pair, does the ASA FirePOWER configuration automatically synchronize with the ASA FirePOWER module on the secondary device?

3. Is the configuration the same as ASA failover in the ASA with Firepower case?

The configuration for ASA with Firepower Active-Standby is the same as without Firepower. That's because the separate Firepower modules have no awareness of each other or the fact that the ASA units in which they reside are part of a failover pair.

Thus the Firepower modules do not synchronize either configuration or state. To sync configuration we use the external Firepower Management Center product and group the modules together in a device group. Then when we apply policy or updates it happens for both modules together. State is never synchronized between Firepower modules so a failover event can result in some "in-flight" flows not getting fully inspected.
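The ASA side of what this answer describes, as an added example that is not part of the thread or of Cisco's documentation: the failover pair is configured as it would be without the module, and the redirect to the module is ordinary ASA configuration, so it replicates to the standby while the module's own policy comes from Firepower Management Center. Interface numbers, the names FOLINK, STATELINK, SFR_TRAFFIC and SFR_CLASS, all addresses and the key are assumptions.

```cisco
! Constructed example: interface numbers, names, addresses and the key are placeholders.
!
! --- Primary unit: data interface carries an active and a standby address ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
 no shutdown
!
! --- Primary unit: dedicated failover and state links ---
interface GigabitEthernet0/6
 no shutdown
interface GigabitEthernet0/7
 no shutdown
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/6
failover link STATELINK GigabitEthernet0/7
failover interface ip FOLINK 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover interface ip STATELINK 192.0.2.5 255.255.255.252 standby 192.0.2.6
failover key <shared-key-placeholder>
failover
!
! --- Secondary unit: enable the same two links and enter the same failover
!     lines, with this one difference. The rest of the running configuration
!     is then replicated from the active unit.
! failover lan unit secondary
!
! --- Redirect traffic to the FirePOWER module (ASA config, replicated to standby) ---
access-list SFR_TRAFFIC extended permit ip any any
class-map SFR_CLASS
 match access-list SFR_TRAFFIC
policy-map global_policy
 class SFR_CLASS
  ! fail-open passes traffic uninspected if the module is unavailable;
  ! fail-close drops it instead. Choose deliberately for a datacenter segment.
  sfr fail-open
!
! --- Verify on both units ---
! show failover
! show module sfr
```

The state link replicates ASA connection state only; the modules share none, which is why flows in progress at failover may not be fully inspected.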
