Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1397
Views
0
Helpful
3
Replies

Cisco Firepower 9300 with ASA OS

Go to solution
Sumanta Ghosh
Level 1
Level 1

‎04-06-2017 09:36 PM - edited ‎03-12-2019 02:11 AM

Hi Experts

Could you confirm the HA setup options applicable for Cisco firepower 9300 chassis (SF-F9K-FXOS2.0-K9) running ASA OS (SF-F9K-ASA9.6.2-K9)? Native ASA appliances had active/standby and active/active options, depending on single or multiple context deployment. Do we have same in Firepower 9300? I was reading something about inter-chassis and intra-chassis clustering, not very much sure though.

The below hardware is present:-

FPR9K-SM-24

FPR9K-SUP

Regards,

Sumanta Ghosh.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-07-2017 09:35 AM

FIrePOWER 9300 appliances with ASA logical devices have all of the high availability and clustering options as stand alone ASA appliances (including multiple context) plus the ability to run multiple ASA logical devices on a single chassis when you have multiple service modules (SMs) installed.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Sumanta Ghosh

‎04-08-2017 04:36 AM

You're welcome.

When you run an ASA logical device on a FirePOWER 9300 (or 4100 series) appliance, you do not have the option of including IPS. ASA with FirePOWER service module ("IPS") is only possible on a physical ASA appliance (5500-X series).

To run IPS on one of those appliances, you have to run a FirePOWER Threat Defense (FTD) logical device. FTD requires the Threat Defense license.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-07-2017 09:35 AM

FIrePOWER 9300 appliances with ASA logical devices have all of the high availability and clustering options as stand alone ASA appliances (including multiple context) plus the ability to run multiple ASA logical devices on a single chassis when you have multiple service modules (SMs) installed.

0 Helpful

Go to solution
Sumanta Ghosh
Level 1
Level 1
In response to Marvin Rhoads

‎04-07-2017 10:24 AM

Hello Marvin

Thanks very much. I would also like to know more about licensing for IPS. Does the below part codes have in built IPS, with signature update support? Or we need to order Threat Defense?

FPR9K-SM-24 Firepower 9000 Series Security Module
SF-F9K-ASA9.6.2-K9 ASA 9.6.2 Software for Firepower appliance series
FPR9K-SUP Firepower 9000 Series Supervisor
SF-F9K-FXOS2.0-K9 Cisco Firepower Extensible Operating System v2.0 for FPR9300

L-F9K-ASA License to run Standard ASA on a Firepower 9300 module
L-F9K-ASA-ENCR-K9 License to enable strong encryption in ASA on Firepower 9300

Regards,

Sumanta.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Sumanta Ghosh

‎04-08-2017 04:36 AM

You're welcome.

When you run an ASA logical device on a FirePOWER 9300 (or 4100 series) appliance, you do not have the option of including IPS. ASA with FirePOWER service module ("IPS") is only possible on a physical ASA appliance (5500-X series).

To run IPS on one of those appliances, you have to run a FirePOWER Threat Defense (FTD) logical device. FTD requires the Threat Defense license.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card