Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
872
Views
5
Helpful
4
Replies

Is the use of the Firepower service mandatory?

Go to solution
Coutinho10
Level 1
Level 1

‎05-11-2017 12:24 AM

We just bought the ASA 5506-X with FirePower (ASA5506-K9). I migrated a config from our trusty 5505 to the new device and it's running just fine. I didn't bother with Firepower, but I did notice this module is up. Just wondering: Do I need to do anything with it if the 'basic' ASA functionality suffices? Or am I obliged to buy a license anyway? Should I disable the module if I choose not to use it?

Thanks in advance for your answers!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-11-2017 12:41 AM

In addition to what Jetsy said, leaving the module installed will not affect the ASA code in any way.

If you're OCD about it, you can uninstall it. If you're not using it now, you'd probably want to re-image it anyway when or if you ever get around to wanting to use it.

If you're simply relying on your ASA though for security, you are neglecting to protect against most current threats. Malware, phishing attacks, malicious URLs etc. are all things that the FirePOWER service module can help protect against.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jetsy Mathew
Cisco Employee
Cisco Employee

‎05-11-2017 12:35 AM

Hello Coutinho,

If you want inspect the traffic from ASA via Firepower then you have to do the following configs to redirect the traffic towards the Firepower.

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

But to use the Firepower policies and mange the same , you should have the base license which Protect and Control . Without license you wont be able to manage the Firepower policies. More about the License info as follows.

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html

More about the benefits of Firepower as follows.

https://www.cisco.com/c/dam/en/us/products/collateral/security/asa-firepower-services/at-a-glance-c45-732426.pdf

There are several features like Malware inspection and URL filtering also available with the Firepower services. 

Rate if this helps.

Regards

Jetsy 

Go to solution
Coutinho10
Level 1
Level 1
In response to Jetsy Mathew

‎05-11-2017 12:45 AM

Hi Jetsy,

Thanks for your answer. Maybe I didn't make myself clear: I don't want to use Firepower, but the module is running. So, is it ok to leave it alone if the 'basic' ASA functionality suffices? Or am I obliged to buy a license anyway? Should I disable the module if I choose not to use it?

Thanks again.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-11-2017 12:41 AM

In addition to what Jetsy said, leaving the module installed will not affect the ASA code in any way.

If you're OCD about it, you can uninstall it. If you're not using it now, you'd probably want to re-image it anyway when or if you ever get around to wanting to use it.

If you're simply relying on your ASA though for security, you are neglecting to protect against most current threats. Malware, phishing attacks, malicious URLs etc. are all things that the FirePOWER service module can help protect against.

0 Helpful

Go to solution
Coutinho10
Level 1
Level 1
In response to Marvin Rhoads

‎05-11-2017 12:56 AM

Hi Marvin,

Thanks, good to know that just leaving FP be won't have any negative impact on basic ASA functionality. Right now we are relying on another solution to protect us against malware etc., but who knows, maybe this will change over time.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card