04-12-2018 08:19 AM - edited 02-21-2020 07:37 AM
I would think this would be reasonably easy, but could not find the simple explanation for how to accomplish getting an ASA 5506-x w/Firepower running and licensed, specifically how it works (or if it needs to) with Cisco Firepower Management Center. I am completely lost and have read some getting started guides, but they seem to make assumptions about knowledge or existing installations that I am just finding myself frustrated and not wishing to pour literal hours into this.
I have purchased the 5506 and have a URL Filtering and Malware license installed and it says it never expires, but (IPS Term Subscription is still required for IPS). I am assuming that means I need to purchase an IPS license. Would either the L-ASA5506-TAMC-1Y or L-ASA5506-TA-1Y work, with the difference being services offered, where TAMC also has Apps, AMP and URL? Then is it just a matter of installing the license and we are good to go after configuring the Policies, or do we need CFMC?
The other question is how does Cisco Firepower Management Center work with this? Is it built into the ASA 5506-x w/Firepower, or is it a stand alone, web based, or need an OS to host? Does it need CFMC at all? If so, is there a cost associated with it?
04-13-2018 05:31 AM
From:
Firepower Management Center Configuration Guide, Version 6.2.2
Your purchase of a managed device that uses Classic Licenses automatically includes Control and Protection licenses. These licenses are perpetual, but you must also purchase a TA service subscription to enable system updates. Service subscriptions for additional features are optional.
The PAK that came with the device is used to license the Control and Protection features. The additional TA-subscription is needed to receive the updates for the Snort-engine.
The higher-up services do rely on the Control and Protection features.
My understanding is that FMC (physical or virtual appliance) is mandatory only if you're running the FTD-image or want to manage multiple ASAs from a central location.
An ASA 5506-x with FirePOWER module running the ASA-image can be managed via ASDM.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide