06-07-2018 04:28 PM - edited 02-21-2020 07:51 AM
Hi, recently we bought an ASA5508x FTD, and we are doing the first set-up, but the local web browser management is very limited in my opinion, shoud we need to purchase a license to be able to download the FMC?
Solved! Go to Solution.
06-08-2018 08:25 AM
06-08-2018 08:29 AM
You're welcome.
If you convert from FTD to ASA image type, there's no new or distinct license required for the base ASA features. It would have all of the features of an ASA 5510 - and then some since the 5500 series software support stopped as of 9.1 (9.9(x) is current.)
You cannot use the FTD license for Firepower Service module though so if you want NGIPS protection you would need to purchase licenses for those features (IPS, URL Filtering and/or Malware). You'd also need to add the base Control license (no cost item) for the Firepower module.
06-07-2018 07:25 PM
06-07-2018 07:37 PM
Thank you Francesco, it is more clear for me now.
Do you know if is possible to use ASDM to manager this 5508x-FTD or to convert it to an standard ASA to be managed using ASDM?
06-07-2018 08:30 PM
An ASA 5508-X with FTD image can be managed using the local Firepower Device Manager (FDM) GUI which is free and built-in or Firepower Management Center (FMC) which requires a separate license as @Francesco Molino noted.
Cisco has enhanced what you can do with FDM as the versions have progressed. You might try upgrading to the current 6.2.3 (and patch 6.2.3.2) if you haven't already. FDM features will continue to grow over upcoming releases.
If you convert it to ASA you will need different licenses to run the Firepower service module and still have limitations with local (ASDM) management.
06-08-2018 08:24 AM
Thank you Marvin,
For example if we convert our firewall to ASA, would we have all the ASA features like an ASA5510? And do you know if I should need to purchase an ASA license to do that?
Mateus.
06-08-2018 08:29 AM
You're welcome.
If you convert from FTD to ASA image type, there's no new or distinct license required for the base ASA features. It would have all of the features of an ASA 5510 - and then some since the 5500 series software support stopped as of 9.1 (9.9(x) is current.)
You cannot use the FTD license for Firepower Service module though so if you want NGIPS protection you would need to purchase licenses for those features (IPS, URL Filtering and/or Malware). You'd also need to add the base Control license (no cost item) for the Firepower module.
06-08-2018 08:25 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide