08-20-2015 12:23 AM - edited 03-11-2019 11:28 PM
Hi,
Firstly, I don't think that we have any problems with the two kinds of licenses. But I found that, if I also have Firepower and an ASA firewall in the data center, there are some issues, below:
If you buy an IPS subscription license on FirePower, the BotNet update on ASA may not be useful, because the bad-reputation IP lists are already updated through the IPS (FirePower) subscription.
So can anyone tell me more about this issue?
Thanks,
08-20-2015 03:40 AM
Hello, Viet.
If you are going to use the FirePOWER module on Cisco ASA with IPS subscriptions, you don't need to order Cisco ASA Botnet Filter licenses. The "Security Intelligence" component of the FirePOWER module receives updates from the cloud service VRT (Vulnerability Research Team). Those updates contain information about IP addresses with bad reputation. The IPS signatures of the FirePOWER module and the updates from the Security Intelligence component will be correlated. As a result, FirePOWER will provide you with information about hosts in your network that participate in Bot-Nets. You'll receive messages:
CnC Connected
So, if you want to protect your network from participating in Bot-Nets, you can use only the FirePOWER module on Cisco ASA with IPS subscriptions. The function of Cisco ASA Botnet Filter licenses overlaps with the IPS subscriptions of FirePOWER.
Moreover, as far as I know, Cisco is continuously working on consolidating both cloud services: Vulnerability Research Team (VRT), which updates FirePOWER, and Cisco Security Intelligence Operations (SIO), which updates Cisco ASA Botnet Filter. So, the probability exists that the information about IP address reputation from both cloud services will be very similar or even identical.
08-20-2015 04:01 AM
Thanks, Boris,
Right now I'm going to upgrade my ASA with this module:
Upgrade Kit: ASA5555-X FW, IPS, CX to ASA5555-X FirePower
I see that an IPS license subscription is also included here. So does that mean I do not need to buy the Botnet Traffic Filter license any more?
Thanks,
08-20-2015 04:30 AM
Hi, Viet.
Please pay attention. This upgrade kit is suitable for you if your ASA previously had the CX module installed. In other words, there is no SSD disk for the ASA included in this upgrade kit. Be sure that your ASA is equipped with an SSD disk. And one more important thing: to configure the FirePOWER module on ASA, you need to have a Defense Center appliance. The cheapest form of Defense Center for Cisco ASA is Defense Center in the form factor of a virtual appliance for VMware:
FS-VMW-2-SW-K9
This Defense Center can control and monitor up to two ASAs with the FirePOWER module installed.
And, yes, if you buy all those parts, you don't need to order ASA Botnet Filter licenses to protect your network against Bot-Nets.
08-20-2015 07:43 PM
Thanks so much, Boris.
My devices already have the items you mentioned.
ASA5555-2SSD120-K9
So I think that is enough for me to update Firepower services on my devices, and I don't need to buy the Botnet filter for these devices any more.
Thanks,
08-20-2015 11:35 PM
Hello, Viet.
Yes, you have enough to update the ASA to FirePOWER. I'm glad that my answers were helpful.
09-20-2015 08:19 PM
Thanks, Boris Uskov, for your reply.
One thing still concerns me; can you help me clarify it?
As I see it, if I upgrade an ASA with FirePOWER services, I also need to buy FS-VMW-2-SW-K9 for management purposes. So where will the VM be installed? On the ASA SSD drive or on an external server?
Thanks,
09-21-2015 12:02 AM
Hello, Viet.
You need to install the VM on an ESXi server. It should be installed separately from the ASA.