Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
3
Replies

Question about managing ASA 5545-X w/ Firepower Services

osmhquser
Level 1
Level 1

‎03-09-2016 05:41 AM - edited ‎02-21-2020 05:45 AM

We are looking to purchase (2) ASA 5545-X w/ Firepower Services due to a limited budget. My question is with only getting 2 appliances, does the ADSM tool allow us to manage both components the ASA firewall and the Firepower services? Or will we have to purchase a separate tool (hardware or software) in order to manage the Firepower configuration, rules, etc.

Thx in advance for providing any assistance.

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-09-2016 01:13 PM

You can manage the FirePOWER service modules with ASDM (as of FirePOWER 6.0 software) but it will require you to write the policies twice as they will not replicated between the two appliances like the underlying ASA configuration will. 

Better is to purchase the 2-device license for FirePOWER Management Center. It only costs US$500 list price and you deploy it as a VM (requires VMware ESXi host). Then you can write policies once and deploy to both modules. You will also see events from both modules on one dashboard,

0 Helpful

osmhquser
Level 1
Level 1
In response to Marvin Rhoads

‎07-07-2017 02:06 PM

Thx for quick response. Unfortunately we do not run the VMWare ESXi as we are a Hyper-V shop. Looks like we may have to try and purchase the Management Appliance so we don't have to write polices twice.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to osmhquser

‎07-08-2017 04:34 AM

Several of us have been asking Cisco for a Hyper-V version of FMC for a couple of years. The demand has not been high enough for them to release it just yet.

They do now offer KVM and AWS versions though. You can also run a simple FMC on a free ESXi hypervisor. It's bare bones as far as VMware features (no Vmotion, no clustering, no VSAN support etc.) but it gets the job done.

The hardware appliance is a lot faster and stores more events but it's as they say "reassuringly expensive". (List price of the FMC 1000 (the smallest model recommended for production use) is US$24k.) You most likely won't be getting one of those on a constrained budget.

Contrast that with the 2 device license for the VM at US$500 list price. You can run it on a small server that shouldn't be more than $1-2K - maybe even an old unused one you might have sitting around. It only needs 4 vCPUs, 8 GB RAM and 250 GB hard drive.

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/fmcv/FMCv-quick/intro-virtual.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card