Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1133
Views
0
Helpful
4
Replies

FireSight Management, is it really required

Go to solution
bijbalaktn
Level 1
Level 1

‎06-07-2016 11:36 AM - edited ‎02-21-2020 05:50 AM

Hi  Team -  I am proposing two 5525  with firepower services.  Question is, do I really need to order the Firesight Manager ?  Cant the same be done with ASDM.  Wont the set up work without the Firesight Manager.

-B

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎06-13-2016 06:04 PM

I agree with Philip about getting the 5516 vs the 5525 but also want to add a couple of things:

1. ASDM can manage FirePOWER on all X series Firewalls. This was introduced with ASA version 9.5 and ASDM 7.5:

http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html

2. It is highly recommended that you get FireSIGHT. With FireSIGHT you can perform Network Discovery, generate IPS recommendations, Correlate events, generate reports, set alerts, etc. IMO FirePOWOR without FireSIGHT is not a good solution. 

I hope this helps!

Thank you for rating helpful posts!

Thank you for rating helpful posts!

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎06-07-2016 12:43 PM

Don't use a 5525, it's a waste of time.  The 5525 has no built in GUI support for Firesight, so if you do use it, you will have to install a separate management appliance.

The 5516 has almost the same throughput as a 5525, is considerably cheaper, and does have built in Firesight management via ASDM.  The ASDM version of Firesight has about 80% of the functionality of the management appliance.  It's hard to list the things are missing.  I just notice they aren't there when I go to use them. 

After the 5516 you should jump to a 5545 if you need more grunt.  But don't waste your time on a 5525.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎06-07-2016 12:44 PM

If you are proposing two firewalls I would still use the Firesight virtual manager.  Then when you create policies it will consistently apply them to both devices.  Otherwise if you make a change on one appliance you'll have to make sure you make the same change on the other appliance.

0 Helpful

Go to solution
Jetsy Mathew
Cisco Employee
Cisco Employee

‎06-07-2016 10:50 PM

Hello Team,

You can use ASDM to manage to manage the firepower modules. But you can see only real time logging events when you use ASDM. Its not mandatory that you should use firesight hardwrae to manage modules. You can also use virtual firesight manager to manage the modules. If you ahev a valid contract and cisco customer id you can get the virtula images for foresight manager from cisco software download section. You can install the virtual firesight on any virtual esxi server with the reuqired resources mentioned in the release notes.

Rate if this answer helps you.

Regards

Jetsy 

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎06-13-2016 06:04 PM

I agree with Philip about getting the 5516 vs the 5525 but also want to add a couple of things:

1. ASDM can manage FirePOWER on all X series Firewalls. This was introduced with ASA version 9.5 and ASDM 7.5:

http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn75.html

2. It is highly recommended that you get FireSIGHT. With FireSIGHT you can perform Network Discovery, generate IPS recommendations, Correlate events, generate reports, set alerts, etc. IMO FirePOWOR without FireSIGHT is not a good solution. 

I hope this helps!

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card