01-06-2018 03:35 PM - last edited on 02-21-2020 11:35 PM by cc_security_adm
I'm looking into Cisco 2100 firewalls and I need it to have a TAMC license but I'm unable to find this kind of license that would enable IPS functionality. I'm only able to select TMC license which does not include IPS functionality.
The documentation states "The Cisco Firepower 2100 Series appliances can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS)" so I guess it should support IPS.
Regards.
01-06-2018 10:32 PM
Hello,
TAMC basically covers everything. For the IPS only feature, we only require TA license.
Please refer to the below screenshot and the link:
And IPS license TA can be individually installed without any prior license addition.
If you install 2100 as FPWR then you won't be able to install IPS features, that will basically convert it into ASA. For all the features like IPS, ASA, Malware, and URL filtering, use it in NGIPS mode.
HTH
AJ
01-07-2018 12:44 AM
Hi @Ajay Saini
I need to use it with all the licenses (TAMC).
Question is how do I use it in NGIPS mode?
If I select top Part number: FPR2130-BUN then I only have two options to select for hardware:
- FPR2130-NGFW-K9 and
- FPR2130-ASA-K9
(see the attached screenshot).
So no option for NGIPS.
If on the other hand I select FPR4110-BUN as top part number then there is an option to add FPR4110-NGIPS-K9 as hardware.
Hence my question here: Is NGIPS mode supported on 2100 series (like the documentation says it is) or is it only available on the 4100 series?
Regards.
01-07-2018 01:01 AM
Hello,
NGIPS mode is definitely supported, I have a 2140 HA pair configured and working as NGIPS with all the features. Out of 2, you should order FPR2130-NGFW-K9. This will run FTD image vs an ASA image which runs on FPR2130-ASA-K9.
-HTH
AJ
01-07-2018 01:12 AM
Hi @Ajay Saini
If I select FPR2130-NGFW-K9 as the hardware then under subscription I only have these options:
- L-FPR2130T-T= - Threat Defense Threat Protection License
- L-FPR2130T-TM= - Threat Defense Threat and Malware License
- L-FPR2130T-TC= - Threat Defense Threat and URL License
- L-FPR2130T-TMC= - Threat Defense Threat, Malware and URL License
(See attached screenshot)
So no option for IPS?
Which one of the licenses would cover everything (IPS, Malware, URL filtering)?
Regards.
01-07-2018 02:09 AM
Hello,
T is same as TA. First license -L-FPR2130T-T= will provide you the IPS and Security Intelligence SI features.
Similarly TAMC is equivalent to TMC and so on.
Regards,
AJ
01-07-2018 03:42 AM - edited 01-07-2018 03:43 AM
Thank you very much for clearing that up. It's definitely confusing.
And what about management? The devices should be managed through a regular Firepower management server right? Are additional licenses required for this (for the management through a Firepower management server)?
Can the same firepower management server manage ASA 5545 with firepower and 2100 firewalls?
Regards.
01-07-2018 04:27 AM
Hello,
FMC will manage only firepower portion of the ASA, not the complete ASA. Unlike ASDM, FMC will only manage the firepower components. Also, if you have sufficient licenses and memory available, you should be able to manage multiple devices using same FMC. So, you should be able to manage ASA 5545 Firepower and 2130 devices (provided license is sufficient).
License is required for FMC to be able to manage sensors (devices). For example, Virtual FMC can manage 2, 10 or 25 devices based on the license added:
Of course all the licenses are added to the FMC (FMC and device licenses) once it is installed.
-HTH
AJ
01-07-2018 04:35 AM
Hi,
Yes, I'm aware that you buy a FMC with a certain amount of licenses for the number of the devices that it should manage.
What I meant was are some licenses required on the 2100 so that it can be managed by a FMC? Like connect license?
Regards.
01-07-2018 05:19 AM
No specific license is needed on 2100 or any other device to be managed by FMC.
The only license required is the FMC license wherein we define the number of devices that can be managed.
Regards,
Ajay
01-14-2018 04:27 AM
Thank you very much!
10-09-2019 12:59 PM
Actually, if you re-image your ASA with FTD (firewall+ngfw unified image) then you will be able to manage the entire firewall with FMC.
However, mind that FTD does not have all the features the classic ASA image has. They're working on it, but will take a while.