ASA FirePOWER / FireSIGHT 6.0

ilukeberry
Level 1

Hi

What do we know so far about the 6.0 release?

- will this release bring unified management of the ASA and the SourceFire module?

- will it support SSL decryption on the ASA?

16 Replies

Marvin Rhoads
Hall of Fame

Neither has been publicly confirmed.

Cisco presenters at Cisco Live San Diego this past summer were telling us to expect the SSL decryption bit in 6.0. Beware though that it will introduce a SIGNIFICANT performance hit. SSL decryption at scale is very resource-intensive.

Unified management I would think is more of a roadmap thing. We may see some bits with 6.0, but there's a lot of functionality in the current respective GUIs that I'd be very surprised to see all come out in 6.0.

I don't care so much about SSL decrypt; I know it's a performance hit.

But Unified Management would be awesome. In the release notes for FirePOWER/FireSIGHT it always says:

Management Limitations of Cisco ASA with FirePOWER Services
At the current time, the Cisco ASA FirePOWER product consists of two different products tightly integrated with each other: the ASA Firewall and the FirePOWER Next-Generation Intrusion Prevention System (NGIPS). Whereas critical data sharing between the two has been accomplished, a unified management platform is still in development.

So I guess it's coming, but the question is when...

So... FireSIGHT 6.0 + FirePOWER 6.0 was released. It needs at least 9.4.2 or 9.5(1)5 ASA OS. Neither of those OSes is star-labeled by Cisco. The latest star-labeled ASA OS is 9.2.4. I guess I'll wait till this thing gets supported by a star-labeled ASA OS.

Also, an interesting thing that's not mentioned in the release notes: if you are upgrading Virtual Defense Center (FireSIGHT) 5.4.1.x, you need to raise the RAM from the default 4 GB to 8 GB in VMware ESXi for this VM.

And the default password in Virtual Defense Center (FireSIGHT) is admin / Admin123 and not "Sourcefire" anymore. This is also not mentioned in the release notes.

Older ASAs, e.g. 5515-X, 5525-X etc., can now manage FirePOWER within ASDM like the newer 5506-X ASAs.

Those are my initial findings.
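The version requirement stated in the post above (at least 9.4(2) on the 9.4 train, or 9.5(1)5 on the 9.5 train) is easy to get wrong by eye because Cisco's ASA version strings mix dots, parentheses and an optional interim number. The following pre-upgrade check is an added example, not code from the thread or from Cisco: it parses ASA version strings (both the "9.5(1)5" form and the dotted "9.4.2" form used in the post), pulls the running release out of a constructed `show version` snippet, and reports whether the thread's stated minimum is met. The minimum table only contains the two trains the post names; any newer train is reported as unknown rather than guessed, and any train below 9.4 is reported as too old because the post says "at least 9.4.2".

```python
import re
from typing import Optional, Tuple

# Minimum ASA release per train for FirePOWER/FireSIGHT 6.0, as stated in the thread.
# Trains newer than 9.5 are not listed here and are reported as unknown, not assumed.
MIN_ASA_FOR_FP6 = {
    (9, 4): "9.4(2)",
    (9, 5): "9.5(1)5",
}

# Cisco ASA version syntax is major.minor(maintenance)[interim], e.g. "9.5(1)5".
# The dotted form "9.4.2" (as written in the post) is accepted as an alternative.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\((\d+)\)(\d+)?|\.(\d+)(?:\.(\d+))?)?$"
)


def parse_asa_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, maintenance, interim) for an ASA version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ASA version: {text!r}")
    major, minor, maint_paren, interim_paren, maint_dot, interim_dot = m.groups()
    maint = maint_paren or maint_dot or "0"
    interim = interim_paren or interim_dot or "0"
    return (int(major), int(minor), int(maint), int(interim))


def fp6_support(version: str) -> Optional[bool]:
    """True if the release meets the thread's stated minimum for FirePOWER 6.0,
    False if it is too old, None if the train is newer than anything the thread lists."""
    v = parse_asa_version(version)
    train = v[:2]
    if train < (9, 4):
        return False  # below the oldest supported train named in the post
    minimum = MIN_ASA_FOR_FP6.get(train)
    if minimum is None:
        return None  # a train the thread says nothing about
    return v >= parse_asa_version(minimum)


def version_from_show_version(output: str) -> str:
    """Extract the release string from 'show version' output; the first line reads
    like 'Cisco Adaptive Security Appliance Software Version 9.2(4)'."""
    m = re.search(r"Software Version (\S+)", output)
    if not m:
        raise ValueError("no 'Software Version' line found")
    return m.group(1)


# Constructed sample output, not captured from a real device.
SAMPLE_SHOW_VERSION = """Cisco Adaptive Security Appliance Software Version 9.2(4)
Device Manager Version 7.2(4)
Compiled on Mon 03-Aug-15 10:19 PDT by builders
"""

if __name__ == "__main__":
    running = version_from_show_version(SAMPLE_SHOW_VERSION)
    for candidate in [running, "9.4(1)", "9.4(2)", "9.4(2)11", "9.5(1)", "9.5(1)5", "9.4.2", "9.6(1)"]:
        print(f"{candidate:>8}: FirePOWER 6.0 supported = {fp6_support(candidate)}")
```

Tuple comparison does the ordering work: "9.5(1)" parses as (9, 5, 1, 0) and so sorts below the required (9, 5, 1, 5), which is exactly the trap of reading "9.5(1)" as good enough.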

Has anyone heard why FirePOWER 6.0 requires exactly 9.4.2, whether it's a specific feature the module is accessing or whether it's Cisco's way of "herding" customers into a higher release? In both cases it leaves me suspicious.

And there is also the case of https://tools.cisco.com/bugsearch/bug/CSCuu55258, and I'd hate to introduce a known bug into my firewall environment.

/Fredrik

I suspect it requires a higher ASA OS than 9.2.x because now it's possible to manage FirePOWER straight from ASDM, like on the 5508-X, 5516-X etc.

But I always use only the "Cisco Suggested release based on software quality, stability and longevity." I don't want an ASA OS plagued with bugs in production.

You need to upgrade to 9.4.2 or 9.5(1)5 to run FirePOWER/SIGHT 6.0.0 stuff.

I also think running 6.0.0 stuff in production is asking for trouble; it must be full of bugs. I'll hold on until 6.1.x at least.

It's been a while and I've been trying to get a feel for where the forum posts are heading with the 6.x train, which has gotten its first 0.x increase. My interest is no longer merely to run the newest software, if it ever were; the URL reputation is fast becoming a killer feature for me.

I still run the 9.3 train on my ASAs, so I'm still forced to upgrade, which I'm reluctant to do since neither the 9.4 nor the 9.5 train has any new features I really need besides the Firepower 6.x support. Also, 9.4 seems to still contain the https://tools.cisco.com/bugsearch/bug/CSCuu55258 bug, even though there was a new release as late as Jan 28, which I think is appalling.

So my question to the forum is... what version are you running on your ASAs? The 9.4 train seems doomed, or is the bug one of those that exists on paper but never manifests itself?

/Fredrik

Fredrik,

All my non-lab customer deployments are using FireSIGHT Management Center (VM or appliance) and thus non-ASDM-based management. So they have no pressing need to run the latest 9.5(x) with FP 6.x support.

The latest 5.4.1(x) is quite stable in my experience, though with any product that complex it has its share of bugs. See the resolved caveats in the 6.0 release notes for evidence of that.

In the lab and at home I am running FP 6.0 without incident, but then I don't have the day-to-day operational experience that running it in production would give.

6.0 has some other nice new features, but overall the basic security functionality is not that much different from 5.4.x.

Hello Marvin

How about event storage? Do you know if there are any plans on adding some more storage on the FireSight Virtual appliance? Right now it is limited to 250GB.

I have no idea... You could deploy a fresh FireSIGHT 6.0 and check if it has larger disk space.

Isaac,

Version 6.0 has the same 10 million connection events limitation as the previous versions had. Cisco recommends going to a hardware appliance if you need more, as it can be very taxing on database performance on the VMs. The hardware appliances range from 50 million to 1 billion connection events.

Hello Marvin

Thank you for your reply. So what is the best practice regarding event storage for FireSight? I mean, would you advise using an external database to copy the events from the Firesight database, or should I store the events as a backup and then restore them if needed?

The two methods recommended by Cisco are:

1. Migrate to a larger platform on a physical appliance, or

2. Back up connection events to remote storage if you might want to review them later.

Marvin, what do you think, is the FirePOWER 6.0.0 stuff still "beta" quality? I'm thinking about waiting at least until 6.1.x.

Generally speaking, any "dot 0" release is not considered the most stable one. Unless there are specific features or bug fixes you require in it, a better course of action is to wait for the next minor release.

That said, Cisco is putting a lot of resources into FirePOWER products. I've generally found them to be pretty stable, in that they don't typically break things that worked previously.