Is it true I can’t use Firepower1010 as Firewall without a Web Server?

makwm · ‎08-05-2022

I intend to purchase and add a Cisco Firepower 1010 in my network as a Firewall.

However, through Google search, I found a buyer’s product review comment on eBay.com that “The Cisco 1010 firewall is a router/dependent firewall, that only provides a firewall if you have an oracle database and a web server, otherwise it is just a router and should be labeled as such. Cisco 1010 will not work as a firewall without a oracle database and a web server, without these it will only serve as a router. Note: It also suggests a battery backup. - Reviewed on eBay.com”.

Can any expert in this forum confirm the above review comment is true, that the Cisco Firepower 1010 will only serve as a router cannot provide Firewall protection without a web server in my network?

Kindly please advise as I do not want to end up spent money on a router.

marce1000 · ‎08-05-2022

- That assessment is not true (forget it),

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Leo Laohoo · ‎08-05-2022

@makwm wrote:
add a Cisco Firepower 1010 in my network as a Firewall.

The most important question needs to be ask: Describe your network and what you're trying to do.
Without this vital info, no one can assess if FTD is right for the job.

Marvin Rhoads · ‎08-06-2022

Whoever wrote that review either did not know what they are talking about at all or intended to deceive.

The Cisco Secure Firewall 1010 does require licensing. Base licensing (free) gives you a basic firewall - more or less feature parity with a plain Cisco ASA. You can optionally add Threat licensing (Next Generation IPS, Security Intelligence feeds etc.), URL Filtering and Malware licensing. Also, remote access VPN requires Cisco Secure Client (AnyConnect) licenses. (Site-to-site IPsec VPN is included in the base license.)

In no case do you need a separate web server or database to use the above features. If you are operating multiple firewalls there is the option to add an external management server (FMC) and you can also opt for cloud-based management (CDO) - both separately licensed. However out of the box the firewall has a web UI that can be used to manage all of the basic features. Under the covers there are some built-in databases (Monet db and SAP SQL Anywhere) that manage various aspects of operations "behind the scenes" for you.

p.s. You should only buy your Cisco gear from an authorized reseller. Otherwise you risk buying counterfeit and unsupportable equipment.

Colin-Preston · ‎08-23-2024

Hi @Marvin Rhoads, based on your previous response on 08-06-2022, could I please clarify whether the 1010 will function at all without a free Base Licence? The reason I ask is, I've just picked up a support case concerning a 1010 with older firmware which becomes unresponsive every 3 weeks. From the GUI Pending Changes, I noted the following "Deployment is not available because your device does not have a Base License. Please go to [Smart License] to resolve the issue".

I also note in the Perpetual Licences Included section where it says "This perpetual license is included with the purchase of the system. You must have this license to configure and use the device. It covers all features not covered by subscription licenses". Thanks.

Marvin Rhoads · ‎08-23-2024

@Colin-Preston yes the perpetual license is free and included. The way it is delivered is to the Smart Account of the purchasing end user. As such, you must register using Smart Licensing. If you are not registered, then the 90-day evaluation mode is the only other way to deploy changes (and that is limited - i.e., cannot license Secure Client / AnyConnect that way).