Solved: ASA-5525-IPS End Of Sale

QUARK TARO · ‎09-02-2015

I had plans to procure ASA-5525 with IPS features which is now end of sale.

My understanding is that

The firewall replacement model is ASA5525 with FirePOWER Services & the replacement model for IPS module is FirePOWER IPS.

To manage this FirePOWER IPS, we need a dedicated external appliance or VMWare virtual system ( we need to have a VMWare ESXi host).

1) Is it mandatory to have external appliance or VMWare virtual system to manage the FirePOWER IPS? Can I not manage everything by ASDM?

2) If I procure just the ASA5525 with FirePOWER Services (no IPS) can I manage everything by ASDM?

Marius Gunnerud · ‎09-02-2015

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

The module has a basic command line interface (CLI) for initial configuration and troubleshooting only. You configure the security policy on the ASA FirePOWER module using one of the following methods:

FireSIGHT Management Center—Can be hosted on a separate FireSIGHT Management Center appliance or as a virtual appliance.
Adaptive Security Device Manager (ASA 5506-X, 5508-X, and 5516-X Only)—You can manage both the ASA and the module using the on-box ASDM.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎09-02-2015

1) Is it mandatory to have external appliance or VMWare virtual system to manage the FirePOWER IPS? Can I not manage everything by ASDM?

If you have purchased the SourceFire appliance you need to have FireSight installed on an external PC / server to manage it. If you have the ASA with firepower, it can be managed through the ASDM.

2) If I procure just the ASA5525 with FirePOWER Services (no IPS) can I manage everything by ASDM?

Yes you can manage it through the ASDM.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

QUARK TARO · ‎09-02-2015

Please clarify point #1,

If I procure FirePOWER IPS, is it must to have an external hardware appliance or VMWare virtual system to manage it? To loan an virtual appliance I need another physical hardware with ESXi right?

Karsten Iwen · ‎09-02-2015

The Firepower-module on the 5525-X can't be managed by ASDM. You need FireSight on an appliance or a VM for that.

Marius Gunnerud · ‎09-02-2015

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

The module has a basic command line interface (CLI) for initial configuration and troubleshooting only. You configure the security policy on the ASA FirePOWER module using one of the following methods:

FireSIGHT Management Center—Can be hosted on a separate FireSIGHT Management Center appliance or as a virtual appliance.
Adaptive Security Device Manager (ASA 5506-X, 5508-X, and 5516-X Only)—You can manage both the ASA and the module using the on-box ASDM.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

QUARK TARO · ‎09-02-2015

So to conclude, it doesn't matter whether I procure FirePOWER IPS or not, to manage 5525-FWPR I must have FireSIGHT Management Center.

Marius Gunnerud · ‎09-04-2015

FirewPower IPS is just a license, but if you intend to manage anything on the FirePower module on the ASA5525 you need FireSight.

--
Please remember to select a correct answer and rate helpful posts