11-22-2016 03:56 AM - edited 02-21-2020 05:57 AM
Hi,
I have 2 nos of ASA5515-X firewall with CX Module configured in HA, now I want to run IPS, URL functionality on it. Below is the BOM for the same, pls let me know do I need to required Cisco Prime Security Manager as well. If yes, then as per my Knowledge Cisco Prime Security Manager is End of Sale, so pls suggest any solution. My firewall doesn't support firepower functionality
Also I was going through a document, in which it is mention that PSRM comes on box to manage single instance, so can I use PSRM to manage the firewall in HA along with IPS, AVC and WSE functionality.
Part Number | Description | Qty |
ASA5500X-SSD120= | ASA 5512-X through 5555-X 120 GB MLC SED SSD (Spare) | 2 |
ASA5515AWI1Y= | ASA 5515-X AVC, WSE, IPS 1 Year | 2 |
Thanks
Navneet
Solved! Go to Solution.
11-22-2016 03:53 PM
Hello Navneet-
I would not recommend purchasing and/or running CX. That product is already EoL/EoS due to the acquisition of Sourcefire:
As a result, I would recommend you look into the FirePOWER services for ASA. For the 5515-X, there is an upgrade SKU which is: ASA5515-FP-UPG
That SKU can be configured to include:
1. SSDs
2. URL Filtering
3. Advanced Malware Protection
4. IPS
5. FireSIGHT Management Center
6. Smartnet
I hope this helps!
Thank you for rating helpful posts!
11-24-2016 06:43 AM
I agree with Neno's recommendation. ASA CX signature updates will only be offered for another year and a half. Reference:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-c51-733917.html
The 5515-X supports the FirePOWER module via re-image of the software module. FirePOWER is a superior solution offering better protection against modern threat vectors that the CX cannot detect.
11-22-2016 03:53 PM
Hello Navneet-
I would not recommend purchasing and/or running CX. That product is already EoL/EoS due to the acquisition of Sourcefire:
As a result, I would recommend you look into the FirePOWER services for ASA. For the 5515-X, there is an upgrade SKU which is: ASA5515-FP-UPG
That SKU can be configured to include:
1. SSDs
2. URL Filtering
3. Advanced Malware Protection
4. IPS
5. FireSIGHT Management Center
6. Smartnet
I hope this helps!
Thank you for rating helpful posts!
11-24-2016 06:43 AM
I agree with Neno's recommendation. ASA CX signature updates will only be offered for another year and a half. Reference:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-c51-733917.html
The 5515-X supports the FirePOWER module via re-image of the software module. FirePOWER is a superior solution offering better protection against modern threat vectors that the CX cannot detect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide