Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1296
Views
5
Helpful
3
Replies

ASA Firepower URL Filtering

omair.siddiqui
Level 1
Level 1

‎11-22-2016 10:18 PM - edited ‎03-12-2019 01:34 AM

Hi If we have ASA5516-FPWR-K9, do we still need seperate IPS subscription? secondly if we add URL filtering license can any one know what will be my Bandwidth Management/Control Options.

Labels:
0 Helpful
3 Replies 3

Boris Uskov
Level 4
Level 4

‎11-22-2016 11:21 PM

Hello.

ASA5516-FPWR-K9 is a bundle of ASA5516, FirePOWER subscription license, Firepower Management Center (if needed) and Anyconnect licenses (if needed). When you make an order of ASA5516-FPWR-K9 you have some options to choose. You can choose the exact FirePOWER subscriptions you need:

L-ASA5516-TA= - only IPS;

L-ASA5516-URL= - only URL filtering

L-ASA5516-TAC= - IPS + URL;

L-ASA5516-TAM= - IPS + AMP;

L-ASA5516-TAMC= - IPS + URL + AMP;

So, depending on what FirePOWER subscription you chose while making an order of ASA5516-FPWR bundle, you may receive IPS, or may not (if you ordered only URL (L-ASA5516-URL=)).

Bandwidth Management/Control Options. This depends on what type of software you are going to use with ASA5516. If you use classic option with ASA OS + FirePOWER software module, you can configure service-policy with "police" action to control bandwidth. Please, notice, shaping can NOT be configured on ASA5516.

Your second software option is FTD software. It is a combination of ASA OS and FirePOWER services in a single software image, calles Firepower Thread Defence (FTD). You will have the whole functionality of FirePOWER and limited functionality of ASA. For example, VPN remote access currently cann't be configured for FTD image. Site-to-Site VPN can be configured only between ASAs with FTD image. With FTD you get some Bandwidth Management/Control Options in QoS section. Please, see the attach.

Preview file
62 KB

omair.siddiqui
Level 1
Level 1
In response to Boris Uskov

‎11-23-2016 02:12 AM

Thanks for valuable comments;

For this case we did not opt for any optional license. So if we need IPS+URL we will buy either a bundle or indivisual one.

Can we still use FTD, if we do not have any subscription license? or have to stick with ASA IOS.

Actually any more details on bandwidth moniotiring, control will be helpful. Can we make rules like quotas per user, rate limit based on per AD users/groups, visiting sites, URL Category or so on?

0 Helpful

Boris Uskov
Level 4
Level 4
In response to omair.siddiqui

‎11-23-2016 02:36 AM

If you have not yet ordered any FirePOWER subscriptions, you can use FTD image. As far as know FTD images should be licensed by Smart License concept. I'm not very good familiar with Smart License, so I advice you to contact your local sales team before ordering FirePOWER subscription for FTD.

You can download FTD soft for ASA since you have actual smartnet service contract for ASA5516.

Quotas are not supported yet. But you can try to configure rate limiting per AD users/groups, sites, URLs and so on. Please, see the attach.

I have not tested rate limiting yet, but at least, it can be configured.

Preview file
61 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card