Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1379
Views
20
Helpful
6
Replies

Question about Cisco ASA 5515-X

Kwaki
Level 1
Level 1

‎07-23-2021 05:37 AM

Hello

My idea was to use a hardware firewall for a yet to be built private network at home.
Looking for appropriate models, I came across the series of Cisco (ASA) 5515-X, which would be available at various dealers more or less cheap.
My question now would be, if there are still "active" licenses on it, are they still valid (but I think this is more a question for the respective dealer if he can answer this) or rather, if there are for the purely private operation at home either very cheap or function-skimped licenses which are possibly free of charge, similar to the model of e.g. Sophos.
Perhaps someone has information about this.

 

If the post here is not correct, please move it if possible.

Thanks

 

Labels:
0 Helpful
6 Replies 6

Rob Ingram
VIP
VIP

‎07-23-2021 10:46 AM

@Kwaki 

What image are you purchasing the ASA hardware with, ASA or FTD?

You'll get a base license with both ASA or FTD.

If you stay with ASA image you'll get 2 RAVPN licenses, however the FTD does not include this, so you'll have to purchase AnyConnect licenses.

With FTD you optionally have licenses for Threat, Malware, URL etc features, these are not free of charge.

The ASA 5515-x only supports FTD image up to version 6.4, the latest FTD image (7.0).

Depending on how much money you wish to spend, the FPR1010 hardware will support the latest software.

Kwaki
Level 1
Level 1
In response to Rob Ingram

‎07-24-2021 07:19 AM - edited ‎07-24-2021 07:21 AM

Hi
Thanks for the answer, however I do not know the differences in the ASA or FTD version yet.
What is then available on the respective hardware, I would have to find out in advance in case of an intended purchase.
So my question is rather, is it worth it as a private person or for private use to acquire such a device.
If, let's say, an ASA license is still available on it at the time of purchase, but this expires in, say, half a year, what costs would I have to expect in the event of a license renewal?
I think it is not necessary to mention further that costs in the four-digit range are then out of the question

I would like to buy the hardware -even if it is cheap because of EOL- and not be stuck with useless hardware because of a lack of licenses.

Are there any concrete overviews?

 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Kwaki

‎07-24-2021 12:16 PM

This would depend on what license is currently active on the ASA or FTD and what functionality you require.  As this is a home / private network I doubt you would need more that what is provided by the base license which is a perpetual license (doesn't need to be renewed).  It also has a default 2 AnyConnect license included.  If you are looking for IPS functionality you need to go for FTD as the IPS SSM for ASA is end of life.  Also Cisco now has two firewalls that do just about the same thing, so I believe it will not be long before the ASA goes end of life also.

For pricing you need to contact your local Cisco partner or reseller, as prices differ from parter to partner and country to country.  The following link has some more info on licensing for the ASA:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/general/asa-916-general-config/intro-license.html

 

--
Please remember to select a correct answer and rate helpful posts

Kwaki
Level 1
Level 1
In response to Rob Ingram

‎07-31-2021 05:21 AM

Oki. Then thanks to all for the support

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-24-2021 09:11 PM

Cisco firewalls are not designed for the home user use case. Unless you are already proficient in Cisco firewalls or studying to become thus skilled, I would submit that you would be better served buying something designed for the SOHO market.

I'd recommend something like a Ubiquiti firewall, pfSense running on Netgate or even an Asus wi-fi system with aiProtection.

idmsguru
Level 1
Level 1
In response to Marvin Rhoads

‎07-25-2021 02:29 AM

I tend to agree. I’m bringing an older 5516-X on line this afternoon that was recently in service by my company only because I lost all of my Sonicwall gear at home from a nearby lightning strike last weekend. It’s complete overkill for what I need - I have a very flat network with one vlan for a guest network. I haven’t configured a Cisco firewall router since my PIX-501. It’s a lot of work if you really don’t need it…most of your threats are from the WIFI side. I wasn’t overly impressed with Sonicwall was a whole but it was a piece of cake to provision access points with a dedicated VLAN for a guest network. Right now I have a $100 consumer grade Netgear router in bridge mode to handle the WIFI and Guest VLAN. I don’t trust it. What I need is a SOHO router like my TZ-400 with a dedicated access point managed by the firewall with updated IDS signatures.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card