Firepower Purchase Questions

keithcclark71 · ‎02-26-2020

Can someone tell me what I will need to purchase for Firepower. I have worked with and deployed Firepower but it has been a couple years now and I need a refresher. I will be getting AMP and URL filtering licenses (annualized) but I see topics with FTD discussions and it is confusing to me as to if FTD is a separate license purchase and what I would even need it for. I always thought FTD and Firepower were one in the same. I have an org that I am standing up Firepower for due to NIST compliance reasons and its a 100 user network 3-4 VLANs 100 devices max and planning on doing like a 5508-x or 5512-x w/Firepower connected to the FMC Virtual appliance with AMP & URL licenses. Is this enough or do I need anything else as like I said its been awhile since I worked with etc

Cristian Matei · ‎02-26-2020

Hi,

Most probably there was a confusion being made. Just to be clear, FTD means ASA and Firepower integrated in one unified image, while FirePOWER refers to the ASA module, the NGIPSv and the legacy/non-Cisco Firepower appliances). Based on what you'll be implementing, you need to get Smart Licenses (for any FTD platform) or Classic licenses (for non-FTD platform). Regardless of the licensing model (smart or classic), the licensing is done per managed device, per sensor: so if you order 5 FTD appliances, you need to order licenses for each one. The licensing model is well-known (T for Threat/IPS, M for AMP and C for URL Filtering), and you can choose which features you want per sensor/managed device.

The FMC does not require licensing to work, regardless if in standalone mode or HA mode, even though you add licenses in FMC for the managed sensors (FTD, Firepower). So you order licenses alongside with your managed device, but import the licenses in FMC, which makes sense.

Regards,

Cristian Matei.