07-19-2017 07:31 AM - edited 03-10-2019 06:53 AM
Hi Team,
We bought Cisco ASA5525-FPWR-BUN (QTY=2). It will be deployed in the datacenter with connectivity to the core switches (C6807-XL) and server farm switches (WS-C3850-48T-S). Please share a valid design, deployment and configuration guide.
My design attached.
The licenses are control and IPS licenses.
Here is BoM.
2 | ASA 5525 NGFW (Qty 2)
ASA5525-FPWR-BUN | ASA 5525-X with FirePOWER Svcs. Chassis and Subs. Bundle | 1
ASA5525-FPWR-K9 | ASA 5525-X with FirePOWER Services, 8GE, AC, 3DES/AES, SSD | 2
CON-3SNT-A25FPK9 | 3YR SNTC 8X5XNBD ASA 5525-X with FirePOWER Services, 8GE | 2
CAB-ACE | AC Power Cord (Europe), C13, CEE 7, 1.5M | 2
SF-ASA-X-9.2.2-K8 | ASA 9.2.2 Software image for ASA 5500-X Series,5585-X,ASA-SM | 2
SF-ASA-FP5.4-K9 | Cisco FirePOWER Software v5.4 for ASA 5500-X | 2
ASA5525-CTRL-LIC | Cisco ASA5525 Control License | 2
ASA5500X-SSD120INC | ASA 5512-X through 5555-X 120GB MLC SED SSD (Incl.) | 2
ASA5525-MB | ASA 5525 IPS Part Number with which PCB Serial is associated | 2
ASA5500-ENCR-K9 | ASA 5500 Strong Encryption License (3DES/AES) | 2
L-ASA5525-TA= | Cisco ASA5525 FirePOWER IPS License | 2
L-ASA5525-TA-3Y | Cisco ASA5525 FirePOWER IPS 3YR Subscription | 2
07-19-2017 06:21 PM
The 5525-X throughput with IPS running is at best no more than 650 Mbps. That may restrict your throughput between your servers and the rest of the network.
A Firepower 2100 or 4100 series would typically be recommended for data center designs.
07-19-2017 10:52 PM
Thanks,
for now we have purchased the ASA 5525 FPWR. Can you share the configuration and connectivity?
07-20-2017 12:06 AM
This is a community support forum - we don't build your configurations here. That would be more of a professional services engagement for which many people (myself included) make a living during their "day job".
If you have a specific question about trying to use a certain feature or technology then we are happy to help.
Otherwise please refer to the Cisco documentation on the product support page:
http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html
I do also notice there is no Firepower Management Center in your bill of materials. That would be strongly recommended to manage your ASAs' FirePOWER service modules.
09-04-2017 02:00 AM
Hi Team, I want you to help me on this. I have a Cisco ASA 5525 with FPWR module and Firepower Management Center to deploy in the datacenter as IPS with Active/Standby failover.
1. How can I configure ASA with Firepower as Active/Standby?
2. If I configure the ASA in a failover pair, does the ASA FirePOWER configuration automatically synchronize with the ASA FirePOWER module on the secondary device?
3. Is the configuration the same as ASA failover in the ASA with Firepower case?
09-04-2017 03:17 AM
The configuration for ASA with Firepower Active-Standby is the same as without Firepower. That's because the separate Firepower modules have no awareness of each other or the fact that the ASA units in which they reside are part of a failover pair.
Thus the Firepower modules do not synchronize either configuration or state. To sync configuration we use the external Firepower Management Center product and group the modules together in a device group. Then when we apply policy or updates it happens for both modules together. State is never synchronized between Firepower modules so a failover event can result in some "in-flight" flows not getting fully inspected.
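The Active/Standby setup described in the reply above, as an added example that is not part of the original thread or taken from Cisco's documentation. Interface numbers, the `FOLINK` name, the ACL and class names, and all IP addresses are assumptions chosen for illustration.

```cisco
! Constructed example. Interface names, FOLINK, SFR_* names and all
! addresses are assumptions, not values from this thread.

! --- Primary unit ---
interface GigabitEthernet0/7
 no shutdown
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
!
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/7
! Same interface carries connection state for stateful failover of the ASA
failover link FOLINK GigabitEthernet0/7
failover interface ip FOLINK 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover
!
! Redirect traffic to the FirePOWER (sfr) module. This is ASA configuration,
! so it replicates to the standby unit; the module's own policies do not.
access-list SFR_REDIRECT extended permit ip any any
class-map SFR_CLASS
 match access-list SFR_REDIRECT
policy-map global_policy
 class SFR_CLASS
  ! fail-open passes traffic if the module is down; fail-close would drop it
  sfr fail-open
service-policy global_policy global
!
! --- Secondary unit: failover bootstrap only, the rest replicates ---
interface GigabitEthernet0/7
 no shutdown
!
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/7
failover interface ip FOLINK 192.0.2.1 255.255.255.252 standby 192.0.2.2
failover
```

`show failover` on either unit reports the active and standby roles. Each FirePOWER module still has to be registered to the Firepower Management Center separately, since only the ASA side of this configuration is replicated.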