06-05-2017 12:14 PM - edited 03-12-2019 02:28 AM
I have a small business customer who has an ASA 5512x with Firepower services module (vers 5.4) and the Firesight Mgt Center (5.4) virtual appliance managing the Firepower module. We are planning to upgrade the Firepower module and FMC to version 6.2 soon.
Also, the customer wants to upgrade their remote sales office from an ASA 5505 to a 5506x with either the Firepower module or with Threat Defense vers 6.2. Not sure whether to stick with the ASA/Firepower images or go with the unified Threat Defense. I have yet to work with the Threat Defense option.
The remote sales office has a site-to-site IPsec VPN tunnel from the current ASA 5505 to the ASA 5512x at their headquarters. This will need to be recreated with either option.
Previously, I configured the ASA 5505 at their HQ and shipped it to the sales office to be plugged into their Cable Internet Service. I would like to do the same with the new firewall.
If the ASA with Threat Defense would be configured by the Firesight Mgt Center, what would be the steps to pre-configure it? If I went with the ASA/Firepower combo, I could copy the existing ASA's config to the new ASA 5506 with the VPN tunnel setup, then configure the Firepower module to connect to the FMC via the site-to-site VPN tunnel.
Any thoughts or suggestions on how to proceed?
06-15-2017 11:35 PM
FTD is a bit raw still and I would recommend labbing it out before jumping into your first deployment at a remote site.
The 5506X with ASA software and FirePOWER 6.2 would be a good approach. Note that when you migrate your FMC to 6.2, all managed sensors must already be at 6.1.
Make sure your FirePOWER module management interface has access (via the new VPN) to the remote FMC. With that in place, you can just register it once it's on-site, confirm it connects and then deploy the policies to it.
You'll generally want to do that remotely, since the FMC knows it by its IP address, which may not be easily set up (with its final address and routing) while at a staging location.