구매 혹은 리뉴얼하기
구매 혹은 리뉴얼하기
취소
제안사항 사용
자동 제안 기능은 사용자가 입력함에 따라 가능한 일치 항목을 제안하여 검색 결과를 신속하게 좁히는 데 도움이 됩니다.
다음에 대한 결과 표시 
다음에 대한 검색 
다음을 의미합니까? 
cancel
토론 시작하기
2840
VIEWS
20
Helpful
6
답글

ASA 5508-X FTD - Should I need a separated license to download FMC

솔루션으로 이동
mateus.morais
Level 1
Level 1

‎06-07-2018 04:28 PM - 편집 ‎02-21-2020 07:51 AM

Hi, recently we bought an ASA5508x FTD, and we are doing the first set-up, but the local web browser management is very limited in my opinion, shoud we need to purchase a license to be able to download the FMC? 

1명
레이블:
0 Helpful
2 채택된 솔루션

채택된 솔루션

솔루션으로 이동
Francesco Molino
VIP Alumni
VIP Alumni
MateusMorais에 대한 응답

날짜: ‎06-08-2018 08:25 AM

You can't use ASDM to manage FTD. However, you can reimage your box with ASA software following this guide:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

After this process, you will be able to manage it through ASDM.
You have to talk with Cisco licensing to convert your FTD image license to ASA license key.

Anyway, FMC license isn't so expensive with 2 devices (list price around 600$) and you will be able to have more features like port-channel, radius authentication for VPN.... FTD is the next gen image from Cisco and I would recommend keeping as is and adding FMC instead of going back to ASA unless you have a specific feature only available in asa version.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

원본 게시물의 솔루션 보기

솔루션으로 이동
Marvin Rhoads
Hall of Fame
Hall of Fame
mateus.morais에 대한 응답

날짜: ‎06-08-2018 08:29 AM

You're welcome.

 

If you convert from FTD to ASA image type, there's no new or distinct license required for the base ASA features. It would have all of the features of an ASA 5510 - and then some since the 5500 series software support stopped as of 9.1 (9.9(x) is current.)

 

You cannot use the FTD license for Firepower Service module though so if you want NGIPS protection you would need to purchase licenses for those features (IPS, URL Filtering and/or Malware). You'd also need to add the base Control license (no cost item) for the Firepower module.

원본 게시물의 솔루션 보기

6 응답 6

솔루션으로 이동
Francesco Molino
VIP Alumni
VIP Alumni

날짜: ‎06-07-2018 07:25 PM

Hi

Yes if you want to have additional capabilities you need to purchase FMC in order to use it. You have a sku allowing 2 FTD devices from VM FMC which is the cheapest one available

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

솔루션으로 이동
MateusMorais
Level 1
Level 1
Francesco Molino에 대한 응답

날짜: ‎06-07-2018 07:37 PM

Thank you Francesco, it is more clear for me now.

 

Do you know if is possible to use ASDM to manager this 5508x-FTD or to convert it to an standard ASA to be managed using ASDM?

 

 

0 Helpful

솔루션으로 이동
Marvin Rhoads
Hall of Fame
Hall of Fame
MateusMorais에 대한 응답

날짜: ‎06-07-2018 08:30 PM

An ASA 5508-X with FTD image can be managed using the local Firepower Device Manager (FDM) GUI which is free and built-in or Firepower Management Center (FMC) which requires a separate license as @Francesco Molino noted.

 

Cisco has enhanced what you can do with FDM as the versions have progressed. You might try upgrading to the current 6.2.3 (and patch 6.2.3.2) if you haven't already. FDM features will continue to grow over upcoming releases.

 

If you convert it to ASA you will need different licenses to run the Firepower service module and still have limitations with local (ASDM) management.

솔루션으로 이동
mateus.morais
Level 1
Level 1
Marvin Rhoads에 대한 응답

날짜: ‎06-08-2018 08:24 AM

Thank you Marvin, 

 

For example if we convert our firewall to ASA, would we have all the ASA features like an ASA5510? And do you know if I should  need to purchase an ASA license to do that?

 

Mateus.

0 Helpful

솔루션으로 이동
Marvin Rhoads
Hall of Fame
Hall of Fame
mateus.morais에 대한 응답

날짜: ‎06-08-2018 08:29 AM

You're welcome.

 

If you convert from FTD to ASA image type, there's no new or distinct license required for the base ASA features. It would have all of the features of an ASA 5510 - and then some since the 5500 series software support stopped as of 9.1 (9.9(x) is current.)

 

You cannot use the FTD license for Firepower Service module though so if you want NGIPS protection you would need to purchase licenses for those features (IPS, URL Filtering and/or Malware). You'd also need to add the base Control license (no cost item) for the Firepower module.

솔루션으로 이동
Francesco Molino
VIP Alumni
VIP Alumni
MateusMorais에 대한 응답

날짜: ‎06-08-2018 08:25 AM

You can't use ASDM to manage FTD. However, you can reimage your box with ASA software following this guide:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

After this process, you will be able to manage it through ASDM.
You have to talk with Cisco licensing to convert your FTD image license to ASA license key.

Anyway, FMC license isn't so expensive with 2 devices (list price around 600$) and you will be able to have more features like port-channel, radius authentication for VPN.... FTD is the next gen image from Cisco and I would recommend keeping as is and adding FMC instead of going back to ASA unless you have a specific feature only available in asa version.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card