cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5261
Views
5
Helpful
8
Replies

Is there a difference between Cisco ASA 5506-K9 and ASA 5506-X with FirePower Firewall?

monukoshy
Level 1
Level 1

Hi all,

I am looking forward to buy a Cisco ASA 5506-X with FirePower Firewall.

I am a bit confused about the various jargon and versions people have been selling on various portals.

Is there a difference between Cisco ASA 5506-K9 and ASA 5506-X with FirePower Firewall?

If they are the same, does every 5506-x or 5506-K9 come wtih a "Firepower" (feature)?

I will be using this for my homelab, learning purposes not business purposes, mainly certification.

Will it contain the features that a plus license offers for Advanced Endpoint security and BotNet Filter?

1 Accepted Solution

Accepted Solutions

I depends on what features you require on the Firewall and Firepower systems. You have:

1) Anyconnect < Plus and Apex > for remote access VPN features, including Advanced Security Assessment.

2) Firepower <IPS, URL and AMP> for NGFW and NGIPS features.

3) Security plus  - To enable failover and increase number of VLANS.

Anyconnect and Firepower licenses are subscription based so depending on feature, could cost a bit. If you want this for a small office/home office, the Meraki is suitable - most of the features come with the standard license, but advanced features can be enabled if you purchase the subscription based advanced security license.

Hope this helps.

View solution in original post

8 Replies 8

Rahul Govindan
VIP Alumni
VIP Alumni

ASA5506-K9 is the part number for ASA 5506-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, 3DES/AE. You can find more information in the datasheet here:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

You would need to license the ASA and Firepower separately for the features you need.

Rahul thanks for your reply. That really helps, this helps me decide to buy the product from a seller offering me a good deal for ASA 5506-K9 (as its the same as 5506-x with firepower).

So with a homelab licenase, the Advanced Endpoing security and BotNet Filter features remain disabled? Or unable to download updates?

The Plus license is going for like 150 bucks on ebay, are they even genuine? Will the Plus license contain all these advance features?

Are you referring to the Security plus or the Anyconnect plus license? Botnet filter is not supported on the Asa5506 even if you add the security plus license.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/intro-license.html#20490

Advanced endpoint assessment comes as a part of the Anyconnect apex license and supported without security plus license.

Thanks much appreciated mate.

I am talking about Security Plus license.

I was under the impression that Security plus license contains everything.

For Advance Endpoint security and Botnet Filter what kind of license do i need? I was reading on some forums, that botnet filter is by default disabled in the logs, but internally it is enabled.

Oh and btw, will the Security Plus license contain license for Mobile anyconnect?

Will there be specific benifits if i buy a Security Plus license for homelab for practicing? Will i be missing out a lot if i do not buy it at all.

My apologies, if i am goofing up words, product. Trying to get accustomed to this.

So, i've spent few hrs reading the forum, and various CISCO docs, and get a fair amount of idea about various licenses needed to enable or get images to various add-on features.

Just one more question here, looks like every year renewing these licenses is going to set me up like close to 800 USD?

Unlike Meraki is 150 usd per year?

I depends on what features you require on the Firewall and Firepower systems. You have:

1) Anyconnect < Plus and Apex > for remote access VPN features, including Advanced Security Assessment.

2) Firepower <IPS, URL and AMP> for NGFW and NGIPS features.

3) Security plus  - To enable failover and increase number of VLANS.

Anyconnect and Firepower licenses are subscription based so depending on feature, could cost a bit. If you want this for a small office/home office, the Meraki is suitable - most of the features come with the standard license, but advanced features can be enabled if you purchase the subscription based advanced security license.

Hope this helps.

Also, i read online on other forums, is that the IPS filter covers a lot more stuff than the Security plus, is that true? And that the Botnet filter is mostly covered with web filter prevention?

So, i've spent few hrs reading the forum, and various CISCO docs, and get a fair amount of idea about various licenses needed to enable or get images to various add-on features.

Just one more question here, looks like every year renewing these licenses is going to set me up like close to 800 USD?

Unlike Meraki is 150 usd per year?

Review Cisco Networking for a $25 gift card