Re: Firepower 2140 running ASA OS - URL Filtering Licence

anant.gaggar · ‎02-11-2020

Hi,

I am having a firepower 2140 appliance which is running on ASA OS 9.x. Can I add a URL filtering capability to it. What would be the pre-requisites and licence required for the same.

Note: We do not have FMC and we manage the device over CLI as of now.

Thanks.

nspasov · ‎02-11-2020

Hello Anant-

If you want to run URL Filtering on the device, you will need to complete a few steps:

1. The appliance needs to be re-imaged to run Firepower Threat Defense (FTD) instead of ASA since URL Filtering is a feature in FTD

2. You will need to obtain FTD URL Filtering License

3. You will need a way to manage FTD software. This can either be done through the on-box UI (FDM) or through a centralized management (FMC)

I hope this helps!

Thank you for rating helpful posts!

Marvin Rhoads · ‎02-11-2020

As Neno impied, you can't really do that running ASA image.

There is some very old rudimentary regex pattern matching you can do on ASA but I've never seen it used (outside the Cisco exams :).

You either need to convert entirely to FTD or do URL Filtering on a different device or service (for example, using Cisco Umbrella or WSA).

nspasov · ‎02-11-2020

Touche Marvin! You can indeed do regex based URL filtering in the ASA! :)

Thank you for rating helpful posts!

Peter Koltl · ‎02-13-2020

Is it legal to reimage and use FTD if FTD Base license was not purchased?

Marvin Rhoads · ‎02-13-2020

Technically you don't have right to use commercial software you haven't purchased. I'll leave the question of legality up to the lawyers.

Also, FTD will require a Base license (after the evaluation period) even if you don't want or need to more advanced licensed features like IPS subscription, URL Filtering or Advanced Malware Protection.