Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2477
Views
20
Helpful
6
Replies

ASA 5508-X FTD - Should I need a separated license to download FMC

Go to solution
mateus.morais
Level 1
Level 1

‎06-07-2018 04:28 PM - edited ‎02-21-2020 07:51 AM

Hi, recently we bought an ASA5508x FTD, and we are doing the first set-up, but the local web browser management is very limited in my opinion, shoud we need to purchase a license to be able to download the FMC? 

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to MateusMorais

‎06-08-2018 08:25 AM

You can't use ASDM to manage FTD. However, you can reimage your box with ASA software following this guide:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

After this process, you will be able to manage it through ASDM.
You have to talk with Cisco licensing to convert your FTD image license to ASA license key.

Anyway, FMC license isn't so expensive with 2 devices (list price around 600$) and you will be able to have more features like port-channel, radius authentication for VPN.... FTD is the next gen image from Cisco and I would recommend keeping as is and adding FMC instead of going back to ASA unless you have a specific feature only available in asa version.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mateus.morais

‎06-08-2018 08:29 AM

You're welcome.

 

If you convert from FTD to ASA image type, there's no new or distinct license required for the base ASA features. It would have all of the features of an ASA 5510 - and then some since the 5500 series software support stopped as of 9.1 (9.9(x) is current.)

 

You cannot use the FTD license for Firepower Service module though so if you want NGIPS protection you would need to purchase licenses for those features (IPS, URL Filtering and/or Malware). You'd also need to add the base Control license (no cost item) for the Firepower module.

View solution in original post

6 Replies 6

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-07-2018 07:25 PM

Hi

Yes if you want to have additional capabilities you need to purchase FMC in order to use it. You have a sku allowing 2 FTD devices from VM FMC which is the cheapest one available

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
MateusMorais
Level 1
Level 1
In response to Francesco Molino

‎06-07-2018 07:37 PM

Thank you Francesco, it is more clear for me now.

 

Do you know if is possible to use ASDM to manager this 5508x-FTD or to convert it to an standard ASA to be managed using ASDM?

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MateusMorais

‎06-07-2018 08:30 PM

An ASA 5508-X with FTD image can be managed using the local Firepower Device Manager (FDM) GUI which is free and built-in or Firepower Management Center (FMC) which requires a separate license as @Francesco Molino noted.

 

Cisco has enhanced what you can do with FDM as the versions have progressed. You might try upgrading to the current 6.2.3 (and patch 6.2.3.2) if you haven't already. FDM features will continue to grow over upcoming releases.

 

If you convert it to ASA you will need different licenses to run the Firepower service module and still have limitations with local (ASDM) management.

Go to solution
mateus.morais
Level 1
Level 1
In response to Marvin Rhoads

‎06-08-2018 08:24 AM

Thank you Marvin, 

 

For example if we convert our firewall to ASA, would we have all the ASA features like an ASA5510? And do you know if I should  need to purchase an ASA license to do that?

 

Mateus.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mateus.morais

‎06-08-2018 08:29 AM

You're welcome.

 

If you convert from FTD to ASA image type, there's no new or distinct license required for the base ASA features. It would have all of the features of an ASA 5510 - and then some since the 5500 series software support stopped as of 9.1 (9.9(x) is current.)

 

You cannot use the FTD license for Firepower Service module though so if you want NGIPS protection you would need to purchase licenses for those features (IPS, URL Filtering and/or Malware). You'd also need to add the base Control license (no cost item) for the Firepower module.

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to MateusMorais

‎06-08-2018 08:25 AM

You can't use ASDM to manage FTD. However, you can reimage your box with ASA software following this guide:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

After this process, you will be able to manage it through ASDM.
You have to talk with Cisco licensing to convert your FTD image license to ASA license key.

Anyway, FMC license isn't so expensive with 2 devices (list price around 600$) and you will be able to have more features like port-channel, radius authentication for VPN.... FTD is the next gen image from Cisco and I would recommend keeping as is and adding FMC instead of going back to ASA unless you have a specific feature only available in asa version.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card