Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1409
Views
5
Helpful
2
Replies

ASA 5525-X and installing FirePOWER

Go to solution
goodwinag
Level 1
Level 1

‎12-06-2016 03:45 PM - edited ‎03-12-2019 01:37 AM

Hello,

We have an ASA 5525-X that has IPS capability, we apparently purchased FirePOWER along with the virtual appliance option, do we need to install FirePOWER within disk0:/?  Currently IPS is installed and not being used, we don't have a module installed within the firewall, is it still possible to run FirePOWER on this device? and if so, would the FirePOWER filter all traffic through the virtual appliance or through the ASA itself.

Is there a document on how to convert from IPS to FirePOWER?

Thanks In Advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-07-2016 04:22 AM

It's not clear what virtual appliance you are referring to - there's a FirePOWER Management Center VM and a separate product that is a FirePOWER appliance VM. There's also the FirePOWER module on the ASA 5500-X series.

An ASA FirePOWER module runs on the parent ASA as a sort of VM. It bootstraps from disk0: and then uses the Solid State Drive (SSD) on the ASA for the full product installation and local storage of events. It can be managed locally (using ASDM) or, more commonly, from a remote FirePOWER Management Center. the FMC is where you configure and deploy policies. It also gets events from the managed FirePOWER modules on remote ASAs. The actual traffic filtering takes place on the ASA working with its installed FirePOWER service module.

Here's how to convert from the old style Cisco IPS:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

Once you have the FirePOWER (sfr) module installed, have a look at the Quick Start guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

View solution in original post

2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-07-2016 04:22 AM

It's not clear what virtual appliance you are referring to - there's a FirePOWER Management Center VM and a separate product that is a FirePOWER appliance VM. There's also the FirePOWER module on the ASA 5500-X series.

An ASA FirePOWER module runs on the parent ASA as a sort of VM. It bootstraps from disk0: and then uses the Solid State Drive (SSD) on the ASA for the full product installation and local storage of events. It can be managed locally (using ASDM) or, more commonly, from a remote FirePOWER Management Center. the FMC is where you configure and deploy policies. It also gets events from the managed FirePOWER modules on remote ASAs. The actual traffic filtering takes place on the ASA working with its installed FirePOWER service module.

Here's how to convert from the old style Cisco IPS:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

Once you have the FirePOWER (sfr) module installed, have a look at the Quick Start guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

Go to solution
goodwinag
Level 1
Level 1
In response to Marvin Rhoads

‎12-07-2016 03:18 PM

Many thanks Marvin! 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card