cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8673
Views
5
Helpful
10
Replies

Cisco ASA 5516-X with FirePower and FireSight Management Console

knguyenfolio
Level 1
Level 1

Hello everyone,


I'm looking to purchase ASA 5516-X with FirePower. I have a couple questions, please bear with me since I'm new with the ASA-X version:

 

1. According to the sales engineer that I'm talking to, he said that I don't need to have a physical box or VM for FireSight Management Console. He said the ASA 5516-X included the management console on the device. Is it correct? I can't verify this from any Cisco knowledge base. Can someone please confirm or direct me to the sources?

2. Any configuration guides or samples for the ASA 5500-X with FirePower? We had ASA 5510 and I just wonder if there will be a lot of different configs and commands to work with the ASA 5500-X with Firepower version versus ASA-5510.

Thank you very much in advanced.

1 Accepted Solution

Accepted Solutions

1) Thats right and documented at least in the FirePOWER ordering guide.

2) The config of the base-ASA will be pretty much the same to what you know from the 5510. The configuration of the FirePOWER-system is completely different from both the look-and-feel of the ASDM (although integrated) and the logic of the workflow. You'll need some time to adapt to it but it's worth it.

View solution in original post

10 Replies 10

1) Thats right and documented at least in the FirePOWER ordering guide.

2) The config of the base-ASA will be pretty much the same to what you know from the 5510. The configuration of the FirePOWER-system is completely different from both the look-and-feel of the ASDM (although integrated) and the logic of the workflow. You'll need some time to adapt to it but it's worth it.

Karsten,

Thank you very much for the information. That's awesome. Where do you think I can look up for more information about FirePower with its look and feel of the ASDM? I want to start looking into it and learn as much as I can.

Thanks again.

Khoi

First there is the "ASA with FirePOWER" product-page with lots of information.

For practicing FirePOWER with FireSIGHT, there is the dCloud, but there isn't a demo for ASDM available. And sadly I haven't seen any more ASDM-information for FirePOWER on the cisco-site.

And forgot to mention for your previous question: If you want to run your ASA in Failover, then you need the FireSIGHT Management-Center as the FirePOWER-modules don't sync as the ASAs do in HA.

Thank you for the insight. I really would like to continue with ASA since we are familiar with Cisco commands and ASDM. I was hoping not too much gap to learn and Cisco will provide more information about it. The cost of ASA-X is way more expensive when compare with Fortinet device and/or other vendors. Again, thank you Karsten.

Hi Karsten,

I spoke with a Cisco engineer regarding the FireSight Management Console and he told me that I will need a VM box for it. So now I'm really confused. You are the second person told me that we don't need it on the 5516-X but this person told me I do need it. 

Any ideas?

Thank you.

Khoi

No, idea ...

This is what is stated in the ordering-guide:

Cisco FireSIGHT Management Center is optional for the ASA 5506-X, 5506W-X, 5506H-X, 5508-X and 5516-X. 

But I don't have a 5516-X available to prove it.

Hi Khoi,

 

its optional with ASA 5506-X, 5508-X and 5516-X, because those appliances got the NGIPS Managment in free on-box Management ASDM. You have to consider that the FireSIGHT MC Center gives more detailed information and have better tuning capabilities on some tasks/reports.

Video Link how it looks like in ASDM:

https://communities.cisco.com/videos/13298

Hope this helps.

 

Hi Ayhan Guec,

 

That is really helpful. So please correct me, I can use ASDM to config and manage FirePower services as well as other features (firewall, VPN, etc) without using FireSight Mgmt, correct? The reason to go with FireSight MC Center is to have more detailed information and capabilities on some tasks/reports. Also the FireSight MC Center will require the additional license and an additional VM box if I decide to deploy in the future, am I right?

I will check out the video. I was hoping Cisco will be much clear on that and has some documentations for ASA 5516-X features with or without using FireSight MC Center.

Again you guys are very knowledgeable and I love this forum. Thank you again.

Khoi

Hi Khoi,

 

you are correct, you can do the firepower stuff in asdm in mentioned Modell. You can upgrade to firesight mc any time you want, but right you have to buy the license for the VM. In the smallest version you can manage 2 ASA ı think, but i am not sure 

Hi Ayhan Guec,

It looks like the link to the video is not working for me. It's unauthorized.

Thanks.

Khoi

Review Cisco Networking for a $25 gift card