cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
819
Views
5
Helpful
4
Replies

Firepower ASA5512-FPWR-K9 basic URL filtering

Jan Rolny
Level 3
Level 3

Hi, i just placed question a week ago in security/sourcefire/license section but unfortunately no response so i am trying to ask here.

My original post:

Hi,

i am trying to understand Firepower licensing but still don't understand it very well.

I would like to have ASA5512-X with basic URL filtering (without reputation functions etc.). I just need to create whitelist or blacklist and that's it.

When i am reading this article http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html so under URL paragraph there is:

Tip: Without a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.

So what does it means? When i buy ASA5512-FPWR-K9 so there should be Protection license included right? And regarding paragraph about URL, ASA should be able to make some basic URL filtering without buying annual URL filtering license.

 Am I correct?

Thank you for help,

Jan

1 Accepted Solution

Accepted Solutions

Regarding ordering codes ... The purpose of the bundle is really to buy the hardware and the subscription with one SKU. ASA5508-K9 also includes FP and would be the option you need.

The 5512-X doesn't have a dedicated HW-module for FP. All ASAs below the 5585 use software modules. That means that there are reserved resources (CPU-cores and memory) for Firepower. The "base" ASA uses the remaining resources. Thats the same for 5508 and 5512 so the values from the datasheet are comparable.

View solution in original post

4 Replies 4

You are right, you can achieve that without any additional term-based licenses. All you need in regard to licenses comes with the box when you buy the firepower bundle.

Today, I would also consider buying the 5508-X instead of the 5512-X

Thanks for quick response!

I hope that's really like it's described :-). Regarding your consideration you are right. I just noticed that 5508-X is little bit better in performance than 5512-X what confuses me again. But let's say that it is really like in table.

Another thing is about -BUN and -K9. I didn't found 5508-FPWR-K9 just BUN or ASA5508-K9.

Probably for ASA5508-K9 there is not dedicated FirePower module so maybe it will consume more CPU time of whole ASA?

5512-FPWR-K9 has dedicated FirePower module just for this purposes. So finally it should  be more powerful than 5508-X.

Regards,

Jan

Regarding ordering codes ... The purpose of the bundle is really to buy the hardware and the subscription with one SKU. ASA5508-K9 also includes FP and would be the option you need.

The 5512-X doesn't have a dedicated HW-module for FP. All ASAs below the 5585 use software modules. That means that there are reserved resources (CPU-cores and memory) for Firepower. The "base" ASA uses the remaining resources. Thats the same for 5508 and 5512 so the values from the datasheet are comparable.

I just noticed that 5508-X is little bit better in performance than 5512-X what confuses me again

One more note ... The 5508 is from the newest generation of ASAs (5506, 5508, 5516). That not only makes them faster compared to some other older devices, they are probably also more future-proof.

Review Cisco Networking for a $25 gift card