01-16-2017 11:18 AM - edited 03-12-2019 01:47 AM
Hi all,
I am looking forward to buy a Cisco ASA 5506-X with FirePower Firewall.
I am a bit confused about the various jargon and versions people have been selling on various portals.
Is there a difference between Cisco ASA 5506-K9 and ASA 5506-X with FirePower Firewall?
If they are the same, does every 5506-x or 5506-K9 come wtih a "Firepower" (feature)?
I will be using this for my homelab, learning purposes not business purposes, mainly certification.
Will it contain the features that a plus license offers for Advanced Endpoint security and BotNet Filter?
Solved! Go to Solution.
01-16-2017 06:24 PM
I depends on what features you require on the Firewall and Firepower systems. You have:
1) Anyconnect < Plus and Apex > for remote access VPN features, including Advanced Security Assessment.
2) Firepower <IPS, URL and AMP> for NGFW and NGIPS features.
3) Security plus - To enable failover and increase number of VLANS.
Anyconnect and Firepower licenses are subscription based so depending on feature, could cost a bit. If you want this for a small office/home office, the Meraki is suitable - most of the features come with the standard license, but advanced features can be enabled if you purchase the subscription based advanced security license.
Hope this helps.
01-16-2017 12:30 PM
ASA5506-K9 is the part number for ASA 5506-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, 3DES/AE. You can find more information in the datasheet here:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
You would need to license the ASA and Firepower separately for the features you need.
01-16-2017 12:35 PM
Rahul thanks for your reply. That really helps, this helps me decide to buy the product from a seller offering me a good deal for ASA 5506-K9 (as its the same as 5506-x with firepower).
So with a homelab licenase, the Advanced Endpoing security and BotNet Filter features remain disabled? Or unable to download updates?
The Plus license is going for like 150 bucks on ebay, are they even genuine? Will the Plus license contain all these advance features?
01-16-2017 01:16 PM
Are you referring to the Security plus or the Anyconnect plus license? Botnet filter is not supported on the Asa5506 even if you add the security plus license.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/intro-license.html#20490
Advanced endpoint assessment comes as a part of the Anyconnect apex license and supported without security plus license.
01-16-2017 01:25 PM
Thanks much appreciated mate.
I am talking about Security Plus license.
I was under the impression that Security plus license contains everything.
For Advance Endpoint security and Botnet Filter what kind of license do i need? I was reading on some forums, that botnet filter is by default disabled in the logs, but internally it is enabled.
Oh and btw, will the Security Plus license contain license for Mobile anyconnect?
Will there be specific benifits if i buy a Security Plus license for homelab for practicing? Will i be missing out a lot if i do not buy it at all.
My apologies, if i am goofing up words, product. Trying to get accustomed to this.
01-16-2017 04:10 PM
So, i've spent few hrs reading the forum, and various CISCO docs, and get a fair amount of idea about various licenses needed to enable or get images to various add-on features.
Just one more question here, looks like every year renewing these licenses is going to set me up like close to 800 USD?
Unlike Meraki is 150 usd per year?
01-16-2017 06:24 PM
I depends on what features you require on the Firewall and Firepower systems. You have:
1) Anyconnect < Plus and Apex > for remote access VPN features, including Advanced Security Assessment.
2) Firepower <IPS, URL and AMP> for NGFW and NGIPS features.
3) Security plus - To enable failover and increase number of VLANS.
Anyconnect and Firepower licenses are subscription based so depending on feature, could cost a bit. If you want this for a small office/home office, the Meraki is suitable - most of the features come with the standard license, but advanced features can be enabled if you purchase the subscription based advanced security license.
Hope this helps.
01-16-2017 01:31 PM
Also, i read online on other forums, is that the IPS filter covers a lot more stuff than the Security plus, is that true? And that the Botnet filter is mostly covered with web filter prevention?
01-16-2017 04:09 PM
So, i've spent few hrs reading the forum, and various CISCO docs, and get a fair amount of idea about various licenses needed to enable or get images to various add-on features.
Just one more question here, looks like every year renewing these licenses is going to set me up like close to 800 USD?
Unlike Meraki is 150 usd per year?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide