Thanks Syeda3

To learn more about cisco ASA firewall can i take exam 300-206 SENSS ?

But i dont have CCNA security certificate...

What is your learning goal?

The best method depends on that and the knowledge you have already.

If you are looking to support certication at the CCNP Security level then you should back up and first get the CCNA R&S and Security foundation certifications.

If you just want familiarity with the product then there are lots of free Cisco Live 365 presentations you can review.

If you need to understand it better for you current job then a combination of hands on practice plus the class for the SSFIPS exam makes sense. But if you don't have a good concept of the basics you will have a much more challenging task.

No exam by itself teaches a product. The exam only measures your understanding of the concepts.

First time on these forums and apologize if this is not proper etiquette for posting rules. Marvin although I have not participated I have read a lot of your responses to questions on these forums relating to Firepower and appreciate your knowledge. I have built many ASA's and have also ported many prev gen firewall configurations from older 8.2 code to current. I have an upcoming project for moving off prev gen to next gen FIrepower.  The Firewalls are onsite and 5508-X 5525-X 5545-X and FMC will be OVA on ESXI Host.  I cant seem to get a clear answer on Subscription based licensing for the subscription based licenses. Could you please direct me on what I should be looking for in SKU format for these Next Gen models in local flash or if it is a push from the FMC how do I get the SKU necessary for subscription purchase (AMP/URL) for these models? I hate the licensing model here and just need a checklist of what I should purchase for this project (5508-X 5525-X 5545-X and FMC on ESXI). Would really appreciate any advice. Thanks 

keithcclark71  ,

If you're a Cisco partner you should consult the Cisco Network Security Ordering Guide. It will answer just about every question regarding ordering SKUs.

Generally, FirePOWER licenses are what Cisco calls "classic" type. (vs. the new Smart Licenses used with FTD images).

Given the right SKU and the PAK you get when the order is fulfilled, you redeem the license on Cisco.com using the License Key of the managing FirePOWER Management Center. You then install the license(s) you receive in FMC and assign them to your managed devices as appropriate.

So the subscription licensing is all managed through FMC then. I should only be initially concerned with getting my ASA's configured with the SSD software based firepower image and ensuring connectivity back to the FMC where these ASA's will register.  Which brings me to another question is for the deployment is it best to place the FMC and this the Firepower Modules on DMZ and separate from Admin traffic? Do you typically see IP's on the management interface of the ASA for such deployments as I was thinking this would be ok so long as I connect back to Layer 3 SVI on Core switch which would be the gateway setting for the Module itself