cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
217
Views
0
Helpful
5
Replies
Highlighted
Beginner

Firepower 2140 running ASA OS - URL Filtering Licence

Hi,

I am having a firepower 2140 appliance which is running on ASA OS 9.x. Can I add a URL filtering capability to it. What would be the pre-requisites and licence required for the same. 

Note: We do not have FMC and we manage the device over CLI as of now.

Thanks.

 

5 REPLIES 5
Highlighted
Cisco Employee

Re: Firepower 2140 running ASA OS - URL Filtering Licence

Hello Anant-

If you want to run URL Filtering on the device, you will need to complete a few steps:

1. The appliance needs to be re-imaged to run Firepower Threat Defense (FTD) instead of ASA since URL Filtering is a feature in FTD

2. You will need to obtain FTD URL Filtering License

3. You will need a way to manage FTD software. This can either be done through the on-box UI (FDM) or through a centralized management (FMC)

I hope this helps!

Thank you for rating helpful posts!

Highlighted
Hall of Fame Guru

Re: Firepower 2140 running ASA OS - URL Filtering Licence

As Neno impied, you can't really do that running ASA image.

There is some very old rudimentary regex pattern matching you can do on ASA but I've never seen it used (outside the Cisco exams :).

You either need to convert entirely to FTD or do URL Filtering on a different device or service (for example, using Cisco Umbrella or WSA).

Highlighted
Cisco Employee

Re: Firepower 2140 running ASA OS - URL Filtering Licence

Touche Marvin! You can indeed do regex based URL filtering in the ASA! :)

Thank you for rating helpful posts!

Highlighted
Contributor

Re: Firepower 2140 running ASA OS - URL Filtering Licence

Is it legal to reimage  and use FTD if FTD Base license was not purchased?

 

Hall of Fame Guru

Re: Firepower 2140 running ASA OS - URL Filtering Licence

Technically you don't have right to use commercial software you haven't purchased. I'll leave the question of legality up to the lawyers.

Also, FTD will require a Base license (after the evaluation period) even if you don't want or need to more advanced licensed features like IPS subscription, URL Filtering or Advanced Malware Protection.