cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2570
Views
10
Helpful
16
Replies

How to convert a ASA 5515 to a NGFW - steps ?

Alfred Berberich
Beginner
Beginner

Dear all,

We want to test now the Cisco ASA NGFW and therefore I have to convert the 5515 Firewall .

What I have is a SSD Card ?

 

What are the steps now ?

( putting the SSD in the fw and then re-Imaging ? How  , Need a IPS License , Loading IPS SW etc.)

 

can anybody help ?

 

 show modul

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515            FCH1725J3KS
 ips Unknown                                      N/A                FCH1725J3KS
cxsc Unknown                                      N/A                FCH1725J3KS

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   0 7c69.f62b.ee63 to 7c69.f62b.ee6a  1.0          2.1(9)8      9.1(1)
 ips 7c69.f62b.ee61 to 7c69.f62b.ee61  N/A          N/A
cxsc 7c69.f62b.ee61 to 7c69.f62b.ee61  N/A          N/A

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
 ips Unknown                        No Image Present Not Applicable
cxsc Unknown                        No Image Present Not Applicable

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable
 ips Unresponsive       Not Applicable
cxsc Unresponsive       Not Applicable

Mod  License Name   License Status  Time Remaining
---- -------------- --------------- ---------------
 ips IPS Module     Disabled        perpetual

 

1 Accepted Solution

Accepted Solutions

The needed steps are outlined in the quick-start guide. Basically you install the SSD and load the FirePower-software.

Then you need a license for the security-services. At http://www.cisco.com/go/license there are demo-licenses for FirePOWER, but only for the 5506 ... Not sure if there is a demo for you 5515-X available. Probably you have to buy the license at your preferred Cisco-reseller. There are different licence-combinations available like IPS, URL and AMP. In addition to that you need a FireSight management-Server that is available as a physical or virtual appliance.

View solution in original post

16 Replies 16

The needed steps are outlined in the quick-start guide. Basically you install the SSD and load the FirePower-software.

Then you need a license for the security-services. At http://www.cisco.com/go/license there are demo-licenses for FirePOWER, but only for the 5506 ... Not sure if there is a demo for you 5515-X available. Probably you have to buy the license at your preferred Cisco-reseller. There are different licence-combinations available like IPS, URL and AMP. In addition to that you need a FireSight management-Server that is available as a physical or virtual appliance.

great thx a lot

Confusing - what I want is IPS and application control on my ASA-X nothing more .

What I find out is:

I have a CX module ( see attach) this allows application control

For IPS funktionality I Need the Firepower Module

That´s right ?

But only one module is allowed to run at the thame time other must be shutdown

so , How to use IPS and application control parallel on the ASA-X ?

 

Where is my mistake

Hi Alfred,

Yes, that is correct you can run only one module at a time on ASA.

The FirePOWER ngIPS services will run on top of your ASA software. 

So with sfr module installed on your ASA you get, ASA functionality and added granular control of sfr.

Hope it helps!!!

 

Thanks,

R.Seth

but , how to I get application functionality  than ?

do I Need the CX module for that ?

 

If yes, either IPS can running or application control , right ?

 

What to do to have both IPS and Application control parallel ?

 

The Control (CTRL) license is included at no charge with all ASA FirePOWER modules. That gives you application visibility similar to what the CX offered.

Adding the term-based IPS license subscription adds that feature.

You can then create policies in FireSIGHT Management Center that use both sets features and deploy them to your ASA with FirePOWER services module..