Solved: Logging into IPS module on an ASA 5525

Ramesh.Ramani · ‎08-03-2015

Hi All,

Quick question here. I have a new ASA 5525-X with IPS module.

The IPS needs to be setup as an IDS and i have been told that without Fire Sight Management Controller we cannot apply a licenses to the module.

I have also been told with the 5525, we cannot install log into the module to setup the licenses. Please can someone confirm if i can install the licenses for the module? If so, how can i log into the IDS to set it up? Is this possible at all?

Regards,

Ramesh

Marvin Rhoads · ‎08-04-2015

The one you've listed is the legacy model that is end of sales as of April 26 2015. See this notice.

They have their own Quick Start Guide here.

For those legacy IPS modules, you don't apply licenses. Instead your Smartnet must be the proper type of contract that includes subscription coverage for the IPS signature updates.

Management of the legacy IPS devices is either via ASDM/IDM or, for a bit better visibility, via IPS Manager Express (IME). (There's also the option of Cisco Security Manager for larger deployments.)

Signature updates and software upgrades for the legacy IPS modules can be done manually or automatically (assuming you have a valid support contract that includes the subscription entitlement). Instructions for that are here.

View solution in original post

Marvin Rhoads · ‎08-03-2015

By following the Quick Start Guide you can perform the initial setup (IP address etc.) of the FirePOWER module. That can be done from either ASDM or cli.

All licensing (and policy creation/deployment) for the FirePOWER module on the ASA 5525-X does indeed need to be applied from the managing FireSIGHT Management Center.

Ramesh.Ramani · ‎08-03-2015

Hi Marvin,

Thanks for that. a couple of questions though:

- Sorry if this is a noob question - but i'm new to IPS/IDS - how do i know the device ordered for us is the new ASA with Firewpower/Firesight features or the legacy module? This is all that the Bill of Materials tells me:

ASA5525-IPS-K9

ASA 5525-X with IPS, SW, 8GE Data, 1GE Mgmt, AC, 3DES/AES

- Can i not apply the licenses on the module through the ASDM? Is there a cisco link which confirms this?

- Do i need Firesight Management Center for this? Can i not use it like the legacy IPS modules wherein i only ever need the ASDM to do all the configurations?

Again, is there a link which confirms this?

Thanks!!

Marvin Rhoads · ‎08-04-2015

The one you've listed is the legacy model that is end of sales as of April 26 2015. See this notice.

They have their own Quick Start Guide here.

For those legacy IPS modules, you don't apply licenses. Instead your Smartnet must be the proper type of contract that includes subscription coverage for the IPS signature updates.

Management of the legacy IPS devices is either via ASDM/IDM or, for a bit better visibility, via IPS Manager Express (IME). (There's also the option of Cisco Security Manager for larger deployments.)

Signature updates and software upgrades for the legacy IPS modules can be done manually or automatically (assuming you have a valid support contract that includes the subscription entitlement). Instructions for that are here.

Ramesh.Ramani · ‎08-04-2015

Thank you very much for this Marvin!!