03-12-2015 05:59 AM - edited 03-12-2019 05:38 AM
Dear All,
I would like to ask that, is it mandatory to have Cisco FireSIGHT management Center OR Sourcefire Defence Center to configure and manage Cisco FirePOWER/ Sourcefire IPS appliances ?
Thanks & Regards
03-12-2015 01:53 PM
Yes.
03-13-2015 11:59 AM
Adding to what adhogan mentioned - yes - except for the new ASA 5506 which, when used with ASDM 7.4, will allow ASDM-based setup.
Most use cases would still want to have an FMC though for always-on monitoring and archiving the data for retrospective analysis.
You do have the option of the small licenses that allow you to manage either 2 or 10 ASA module-based sensors. (FS-VMW-2-SW-K9 or FS-VMW-10-SW-K9)
For legacy Sourcefire 3D sensors (VMs or appliances) you need the full FMC/DC option.
09-28-2015 03:38 PM
Sorry for resuscitating an old thread, but I have a similar question.
I'm looking at getting an ASA-5555-X with FP services and am trying to determine the necessity for the management product.
I know this thread concludes that it is required, but I saw this statement in the Cisco ASA with FirePOWER Services Data Sheet:
For local, on-device management including deployments for small and midsized businesses, Cisco Adaptive Security Device Manager (ASDM) 7.3.x provides, access control and advanced threat defense management. ASDM V 7.3.x provides an enhanced user interface that provides quick views on trends and the ability to drill down for further analysis.
So I wondered if I can do without it and just use ASDM. If not, do I have to use VMware to run it? Can I use HyperV or a physical box?
Thanks for any insight you can offer.
09-28-2015 08:13 PM
No, you cannot use "just ASDM". The key phrase "for small and midsized businesses" alludes to the models I mentioned earlier.
Only those models' FirePOWER modules can be managed directly from ASDM.
FireSIGHT Management Center (aka Defense Center) for all other models requires either VMware for smaller VM-based deployments or a physical FireSIGHT appliance for larger installations or those unable or choosing not to run VMware..
Hyper-V is not a supported option and I have yet to see anyone running it. Theoretically you should be able to - the management center is a Linux box under the covers - but you'd be on your own as far as support.
09-29-2015 01:00 PM
Seeing as the product is useless without the software you'd think they would include it with the firewall when purchased that way. It also seems strange that they force you to use VMware. I wonder why they chose that of all things.
Thanks for the reply though, I appreciate it.
 
					
				
		
03-31-2015 03:42 AM
A Cisco FireSIGHT Management Center appliance must be present for a sensor to function. All sensor licensing and management is handled by the Cisco FireSIGHT Management Center.
08-04-2015 01:03 PM
Do you still need FMC to manage Firepower URL filtering on a single ASA5512X?
08-04-2015 01:10 PM
Yes. It's required for all models except the new 5506, 5508 and 5516.
Those (and ONLY those - at this time) can use FireSIGHT capability embedded in ASDM 7.3(3).
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide