Solved: ASA 5515-X Series IPS Model

Mero Cisco · ‎12-05-2012

Hi,

I am very much confused on which IPS model is included on ASA 5515 X series, part no. ASA5515-IPS-K9.

I guess they include AIP SSC 5. I am looking for AIP-SSM-10 or AIP-SSM-20 feature. Can we get this kind of feature by adding licence or not on this ASA ?

Thanks in advance for your response.

Mero

julomban · ‎12-05-2012

Mero,

The ASA 5512-X and 5515-X optionally provide broad and deep network security through an array of integrated cloud- and software-based security services, including ASA CX Context-Aware Security technology, Cisco Cloud Web Security, and the only context-aware IPS with no need for additional hardware.

Licensing Requirements for the ASA IPS module

The following table shows the licensing requirements for this feature:


Model	License Requirement
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X	IPS Module License.¹
All other models	Base License.

¹For failover pairs, both units require the IPS module license.

Regards,

Juan Lombana

Please rate helpful posts.

View solution in original post

julomban · ‎12-06-2012

Mero,

If you need a firewall that meets small-office performance and cost needs yet delivers enterprise-strength security. The Cisco ASA5515 was designed with this in mind. Available in a wide range of sizes and performance levels to fit your network, budget, and evolving security needs, all models deliver the same proven level of security that protects the networks of some of the largest and most security-conscious companies in the world.

The ASA5520 its more when you have a midsize businesses protecting the Internet edge and require the same level of protection as large, enterprise networks. You require enterprise-strength security, but purchasing a firewall that was built to handle the performance needs and budget of a large enterprise would be unnecessary and a waste of company resources. You need a firewall that provides the performance you need, at a price you can afford, along with the visibility and control you need to take advantage of new applications and devices without compromising security.

At the end it really depends on your company requirements.

Regards,

Juan Lombana

Please rate helpful posts.

View solution in original post

Paul Preston · ‎04-13-2013

Hi Mero,

1. Devices from ASA5500X series of firewalls come in two flavors: with IPS and without IPS. Hence hardware is precisely the same, its only a license limitation. However, I don't believe that it meets all of your requirements. Please find more information about IPS in ASA5500X series below:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78_459036.pdf

2. no, you may need some additional licenses to IPS like botnet license etc

3.main features are described in the document that I have referred to in point 1

4. you will need to contact Cisco Certified Partner in your country to obtain that information

you can always read about Cisco ASA5515-K9 and compare it to older models on following website:

http://www.proxar.co.uk/news/first-impression-on-new-cisco-asa-5500-x-series-firewalls

http://www.datacentreshop.co.uk/

--

Paul Preston

Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479

-- Paul Preston Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479 Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL Tel: (+44) 0844 809 4335 Fax: (+44) 01732 468 574 Mob: (+44) 077 9509 3450 Web: www.proxar.co.uk Email

View solution in original post

julomban · ‎12-05-2012

Mero,

The ASA 5512-X and 5515-X optionally provide broad and deep network security through an array of integrated cloud- and software-based security services, including ASA CX Context-Aware Security technology, Cisco Cloud Web Security, and the only context-aware IPS with no need for additional hardware.

Licensing Requirements for the ASA IPS module

The following table shows the licensing requirements for this feature:


Model	License Requirement
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X	IPS Module License.¹
All other models	Base License.

¹For failover pairs, both units require the IPS module license.

Regards,

Juan Lombana

Please rate helpful posts.

Mero Cisco · ‎12-05-2012

Dear Lombana,

Thanks for your prompt response.

I have already got one plain ASA 5520. I want to maintain the failover and IPS as well. Now, I have the option to buy one AIP-SSM-20 to install it on old ASA 5520 and another ASA-5520-AIP20-K9 or to buy ASA 5515-IPS-K9.

Which device should I buy, in terms of better and best security.

a. ASA-5520-AIP20-K9 and AIP-SSM-20 (for old ASA 5520)

or

b. ASA 5515-IPS-K9

and why should I buy, which features differentiate these options.

Regards,

Mero

julomban · ‎12-06-2012

Mero,

If you need a firewall that meets small-office performance and cost needs yet delivers enterprise-strength security. The Cisco ASA5515 was designed with this in mind. Available in a wide range of sizes and performance levels to fit your network, budget, and evolving security needs, all models deliver the same proven level of security that protects the networks of some of the largest and most security-conscious companies in the world.

The ASA5520 its more when you have a midsize businesses protecting the Internet edge and require the same level of protection as large, enterprise networks. You require enterprise-strength security, but purchasing a firewall that was built to handle the performance needs and budget of a large enterprise would be unnecessary and a waste of company resources. You need a firewall that provides the performance you need, at a price you can afford, along with the visibility and control you need to take advantage of new applications and devices without compromising security.

At the end it really depends on your company requirements.

Regards,

Juan Lombana

Please rate helpful posts.

Mero Cisco · ‎12-08-2012

Dear Lombana,

Our requirement is very low as compared to others. Only about 50 mbps flow. I guess ASA5515 can handle this flow easily. Can it still handle the following features ? Won't the performance decrease when most of the below features are implemented ?

Zero-Day Protection with Anomaly Detection

Global Correlation

Application Control

URL Filtering

Anti-Bot

Antivirus

Identity Awareness

DLP

Web Security

Anti-Spam & Email Security

I am very much confused about the licencing of ASA.

1. Which licences can fulfill the above mentioned features?

2. Can only one license can fulfill this requirement?

3. What is the main features of 5515-IPS-K9 model?

4. Could you please segegrate the above mentioned feature requirements according to licencing ? Means which licence gives what kind of security.

Thanks in advance for your kind response

- Mero

Paul Preston · ‎04-13-2013

Hi Mero,

1. Devices from ASA5500X series of firewalls come in two flavors: with IPS and without IPS. Hence hardware is precisely the same, its only a license limitation. However, I don't believe that it meets all of your requirements. Please find more information about IPS in ASA5500X series below:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78_459036.pdf

2. no, you may need some additional licenses to IPS like botnet license etc

3.main features are described in the document that I have referred to in point 1

4. you will need to contact Cisco Certified Partner in your country to obtain that information

you can always read about Cisco ASA5515-K9 and compare it to older models on following website:

http://www.proxar.co.uk/news/first-impression-on-new-cisco-asa-5500-x-series-firewalls

http://www.datacentreshop.co.uk/

--

Paul Preston

Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479

-- Paul Preston Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479 Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL Tel: (+44) 0844 809 4335 Fax: (+44) 01732 468 574 Mob: (+44) 077 9509 3450 Web: www.proxar.co.uk Email