Solved: ASA 5525X Firewall new setup

AZKhan · ‎10-26-2019

Hello Experts,

I have recently unpacked ASA 5525x that was procured few years back. I have mostly worked in Juniper based environment and new to Cisco firewalls. As per the officials working already in the department, the warranty of the ASA firewall is expired.

I have few basic questions

1. Should i register the product with Cisco? is this the requirement to acquire licenses or the licenses are already installed?

2. How to check that how many and which licences are installed on the device?

3. I have currently following images on the device

i). asa922-4-smp-k8

ii). asasfr-5500x-boot-5.4.0-763.img

What these two images represent? and should i upgrade both of them to newer versions?

balaji.bandi · ‎10-29-2019

I). Is it necessary to register the product? as i m having trouble registering the product.

BB - you need to register your License to work all the features. - if already register - you no need to register license again.

but if you do not have smartnet contract, you will not get any support like failures hardware and upgrades.

2). What about the SourceFire IPS engine? is it sufficient to run IPS or this will require License?

BB - To run the NGIPS you need a license for this to run. - check what you have purchased originally along with the kit.

3). What benefits would i get if i upgrade the ASA image from 5.4 to 9.6X ?

BB - 5.4 end of life Long Long ago. I do not believe Cisco has support below 8.4 ( or i guess below 9.X)

9.X has lot of fixes and secure features, each version has its own advantage and fix. so suggest reading the release notes.

Cisco always suggests and recommends to run a stable version for better support.

hope above make sense? let us know any further information required. happy to help.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎10-26-2019

Welcome to Cisco World

1. Should i register the product with Cisco? is this the requirement to acquire licenses or the licenses are already installed?

BB - you can register the product or contact TAC - if this new unpacket might not have registered, if you have any PAK(cisco

License) you can register.

If the contract expired you can extend the smartnet contract contacting local Partner or Cisco

2. How to check that how many and which licences are installed on the device?

BB - show license (will give you what license installed. if this new device you get basic information)

3. I have currently following images on the device

i). asa922-4-smp-k8

BB - This is OS of the ASA to run as Firewall - there is latest version, but depends on the requirement you need to choose the right verison for your environment - 9.6.X is good as of now tested myself, there 9.8.X also available read the release notes before you upgrade.

ii). asasfr-5500x-boot-5.4.0-763.img

This is SourceFire ( FirePOWER - IPS Engine)

Hope this information help you to start with :

here is quick start guide :

https://www.cisco.com/c/dam/global/en_au/solutions/small-business/pdfs/Cisco-ASA-Easy-Setup-Guide-updated.pdf

What these two images represent? and should i upgrade both of them to newer versions?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

AZKhan · ‎10-29-2019

Thank you Balaji.Bandi for ur valuable reply.

Few questions in response

I). Is it necessary to register the product? as i m having trouble registering the product.

2). What about the SourceFire IPS engine? is it sufficient to run IPS or this will require License ?

3). What benefits would i get if i upgrade the ASA image from 5.4 to 9.6X ?

Actually my task is to deploy the firewall within running Network by replacing Cisco Router 2901.
Firewall will be supposed to employ all the protection to block attacks from Outside (Internet) to Inside (Trust) and also restrict traffic of internal zones based on IP's/subnets or higher layer ports.

balaji.bandi · ‎10-29-2019