01-28-2016 07:02 AM - edited 03-12-2019 12:12 AM
Hi,
I have a Cisco ASA 5506-X with FirePOWER services running OS 6.0.0 (which supports SSL inspection). I am managing this firewall through the ASDM. The ASA itself is running ASA OS version 9.5(1). The ASDM version is 7.5(2)
I am encountering a lot of unreliable issues and bugs with this firewall running OS 6.0.0. Here are the biggest issues:
I even generated the troubleshooting logs, but they don't provide any useful info I can use to understand what is going on.
Are there any known bugs or problems with Cisco ASA 5506-X with FirePOWER services running OS 6.0.0? Or is there anything I need to do extra on this ASA to get everything to work reliably?
I don't see much resources and I'm not happy with this product. The PAN, FGT, and the ASA using CX are much better NGFWs compared to the ASA SFR unit.
Please help or guide me in the right direction?
Thank you!
-rya
01-28-2016 07:23 AM
Hello,
I just want to add, that I heard from cisco representative, that 6.0 version is a bit raw and not stable. The advice is to use 5.4 version and the lattest update (Patch 5.4.1.5) until 6.1 (or 6.0.1, not sure) release appears:
The bad thing is that 5.4 don't have SSL decryption for cisco ASA (SSL decryption implemented only for NGIPS appliances). Neither it has Active Authentication.
01-28-2016 02:18 PM
Thanks for adding that. I agree that 6.0 is very raw and very unstable. But 6.0 has been out since November 2015 and I'm surprised there isn't any updates since then.
I'm using 6.0 only because of SSL inspection. If the SFR can't do SSL inspection natively, where other NGFWs can (Palo Alto, Fortinet, ASA CX) without using a separate box, then it doesn't make sense for anyone to use SFR because it isn't ready for production networks.
-rya
01-28-2016 11:07 PM
I think, Cisco understands the necessity of onbox SSL decryption for ASA with FirePOWER module, that's why they are developing new software versions. I'm absolutely agree with you, that without onbox SSL decryption it will be difficult to compete with other vendors within NGFW and UTM classes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide