Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
5
Helpful
1
Replies

ASA 5516-X: ASDM or Firesight Management Console

6rlopez_2
Level 1
Level 1

‎11-25-2015 07:14 AM - edited ‎03-11-2019 11:56 PM

Hello,

I am considering a cluster (A/P) of 5516X with FirePower Services and I have 2 questions regarding the management solution for ASA 5516-X:

1) I have seen 5516-X has an internal FMC. Is there any document where it is explained which  management functions are supported by this internal FMC or ASDM? and in which case I have to use an external FMC? Can I manage the high availability of the cluster with the internal one?

2) In case of selection of external FMC, can I install the FMC in a different network than the ASAs or it is requirement a layer 2 connection between ASAs and FMC?

Thanks

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-25-2015 09:35 AM

2) The FireSight MC can be installed in a different network. Yiu just need IP-reachability on the relevant Mgmt-ports.

1) With two ASAs in HA, managing FP with the onboard solution is not an option. As there is no sync between the modules, you had to make sure that all changes are done on both ASAs. IMO this can only be ensured by pushing one policy to both modules. Thats the way the external Firesight does it.

The 2-node virtual MC has a list-price of $600, so compared to the ASA (and the licenses) it's quite "cheap".

Still, the base-ASAs are still managed by ASDM/CLI/CSM while FireSIGHT only cares about the FirePOWER portion.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card