
ASA5506X - Does Firepower Module provide any basic protection without any IPS,URL, or AMP licenses?

kj4cyv001
Level 1

Purchased an ASA5506X (ASA5506-K9) firewall to replace an aging 5505.

Got it running fine, can communicate to the Firepower module and all that, but I have not purchased any IPS, AMP, or URL Licenses for the Firepower module at this time.

Does the Firepower module provide any basic protection at all, if there are no software subscriptions licensed for it?

If not, would it be best to not direct any traffic to a Firepower Module that has no subscriptions?

If it does provide some form of basic protection - even if no subscriptions are licensed - do I just need to direct traffic to it?

I'm sure a question like this has been posted before, but I've looked for a few hours - I've tried - and cannot find an answer to these questions.

I like the multiple interfaces, five or so VLANs, sub-interface capability, and unlimited hosts on the new ASA5506X. It's nice to have a real DMZ - not that messed up 'half' a VLAN that the 5505 used to have. While some miss the 5505's built-in switch, I'll take the flexibility of the network interfaces over a cheap switch any day. The Firepower licensing subscriptions are a bit on the steep side for a volunteer/non-profit - and thus the question.

1 Reply

Tracker
Level 1

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5506X/5506x-quick-start.html

ASA FirePOWER Licenses

The ASA FirePOWER module uses a separate licensing mechanism from the ASA. No licenses are pre-installed, but the box includes a PAK on a printout that lets you obtain a license activation key for the following licenses:

  • Control and Protection — Control is also known as “Application Visibility and Control (AVC)” or “Apps”. Protection is also known as “IPS”. In addition to the activation key for these licenses, you also need “right-to-use” subscriptions for automated updates for these features.

The Control (AVC) updates are included with a Cisco support contract.

The Protection (IPS) updates require you to purchase the IPS subscription from http://www.cisco.com/go/ccw. This subscription includes entitlement to Rule, Engine, Vulnerability, and Geolocation updates. Note: This right-to-use subscription does not generate or require a PAK/license activation key for the ASA FirePOWER module; it just provides the right to use the updates.

Other licenses that you can purchase include the following:

  • Advanced Malware Protection (AMP)
  • URL Filtering

These licenses do generate a PAK/license activation key for the ASA FirePOWER module. See the Cisco Firepower System Feature Licenses for more information.

To install the Control and Protection licenses and other optional licenses, see Install the Licenses.
