cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
310
Views
0
Helpful
2
Replies
Highlighted
Beginner

ASA 5506 with FirePower

Implementing an ASA5506-BUN with the 3 year license L-ASA5506-TAMC-
3Y.

Would I need additional licenses for AMP on each PC?

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

You license includes AMP for

Your license includes AMP for Networks allowing you to inspect files as they pass through the ASA (if you setup a File Policy).

There is a separate product - AMP for Endpoints - that allows you to inspect file behavior on the endpoints themselves (PC, Mac, Linux or Android). That is licensed per endpoint.

Both provide file protection although I would argue that the endpoint product make more sense as it will see all files no matter how they came to be on the PC (network download via https, USB drive, internal infection from another PC etc. are a few that would not be seen by a perimeter firewall).

View solution in original post

2 REPLIES 2
Beginner

No, you would just apply the

No, you would just apply the license to the module, then create your service policy rule for each vlan you want to direct traffic to the module for.
Highlighted
Hall of Fame Guru

You license includes AMP for

Your license includes AMP for Networks allowing you to inspect files as they pass through the ASA (if you setup a File Policy).

There is a separate product - AMP for Endpoints - that allows you to inspect file behavior on the endpoints themselves (PC, Mac, Linux or Android). That is licensed per endpoint.

Both provide file protection although I would argue that the endpoint product make more sense as it will see all files no matter how they came to be on the PC (network download via https, USB drive, internal infection from another PC etc. are a few that would not be seen by a perimeter firewall).

View solution in original post