Showing results for 
Search instead for 
Did you mean: 

How to convert a ASA 5515 to a NGFW - steps ?

Dear all,

We want to test now the Cisco ASA NGFW and therefore I have to convert the 5515 Firewall .

What I have is a SSD Card ?


What are the steps now ?

( putting the SSD in the fw and then re-Imaging ? How  , Need a IPS License , Loading IPS SW etc.)


can anybody help ?


 show modul

Mod  Card Type                                    Model              Serial No.
---- -------------------------------------------- ------------------ -----------
   0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515            FCH1725J3KS
 ips Unknown                                      N/A                FCH1725J3KS
cxsc Unknown                                      N/A                FCH1725J3KS

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   0 7c69.f62b.ee63 to 7c69.f62b.ee6a  1.0          2.1(9)8      9.1(1)
 ips 7c69.f62b.ee61 to 7c69.f62b.ee61  N/A          N/A
cxsc 7c69.f62b.ee61 to 7c69.f62b.ee61  N/A          N/A

Mod  SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
 ips Unknown                        No Image Present Not Applicable
cxsc Unknown                        No Image Present Not Applicable

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable
 ips Unresponsive       Not Applicable
cxsc Unresponsive       Not Applicable

Mod  License Name   License Status  Time Remaining
---- -------------- --------------- ---------------
 ips IPS Module     Disabled        perpetual


16 Replies 16

If you work with your reseller or Cisco account SE, they can help you choose the right platform based on real-world measurements of the various hardware with different combinations of the features turned on.

Cisco doesn't publicly publish all of the details of internal testing.

Marvin Rhoads
Hall of Fame
Hall of Fame

In addition to what Karsten answered, you can work with a Cisco partner who has a security practice (search for Master Security specialization).

They can advise you on the proper license to purchase or, if you'd like, set you up with a 60-day trial license for FirePOWER proof-of-value demonstration on your ASA.

Review Cisco Networking for a $25 gift card