11-27-2013 10:39 AM - edited 03-11-2019 08:10 PM
Hello,
I am purchasing a 5525-X IPS Edition model firewall with 5 security context licenses. I have a question about licensing. When activating a feature license, such as Web Security Essentials, do you actiavte it under the firewall context or under the admin context. The reason I am asking is that I am trying to figure out how may Web Security Essentials licesnes to buy. Do we buy 1 for the device, or 1 for each context?
Thanks in advance,
Justin
11-27-2013 11:51 AM
You would enable the license under the system context. The license covers all the security contexts. As of today, you can't run WSE and IPS. The software for that is supposed to be released soon. The rumor is that it will not be running full IPS, only a subset of features.
Hope it helps.
11-27-2013 03:44 PM
Actually the IPS for NGFW (CX) was slipstreamed in to 9.2 CX software last month. It's just not orderable quite yet. :)
It does have less configuration options than the classic Cisco IPS but it is better in other ways. The subscription service should be orderable this month.
Sent from Cisco Technical Support iPad App
12-10-2013 07:47 AM
Marvin Rhoads wrote:
Actually the IPS for NGFW (CX) was slipstreamed in to 9.2 CX software last month. It's just not orderable quite yet.
It does have less configuration options than the classic Cisco IPS but it is better in other ways. The subscription service should be orderable this month.
Hi Marvin, any idea if it will support multiple security contexts? We don't get a proper update on the NG IPS until next week and I can't reach our Security SE
12-10-2013 08:32 AM
The NGFW IPS does support multi-context mode ASA.
However the policies on the IPS itself are global (like those for the earlier CX WSE and AVC features) so they are common across all contexts that are directing traffic to it via their respective service policies.
The events (in PRSM) will display the name of the context whose traffic triggered the event.
Hope this helps.
12-10-2013 08:39 AM
Thanks Marvin!
12-10-2013 08:40 AM
You're welcome. Please rate it if the answer was helpful.
04-11-2014 10:26 PM
i need to state a correction..
the IPS or WSE/AVC virtual appliances are not available under multi-context by now.
even on 9.1 asa code.
so take this in care before buy the context and the WSE/AVC or IPS or both.
best regards
12-06-2013 11:51 AM
That is exactly what I needed to know. Thank you!
12-06-2013 11:56 AM
You're welcome. Please rate helpful replies and mark your question as answered.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide