Setup new ASA with Firepower

Hi all,

I just bought and received the items below:

1. ASA5515-FPWR-K9 ASA 5515-X with FirePOWER Services 6GE AC 3DES/AES SSD

2. SF-FP5.3.1-K9 - Cisco FirePOWER Software v5.3.1

3. ASA5515-CTRL-LIC Cisco ASA5515 Control License

 

Question

1. Is there any guide/manual on how to install/enable the FirePOWER? I couldn't see it inside ASDM. I know how to configure the traditional ASA.

2. I'm trying to install the Control License, but it is asking for a License Key of Sourcefire. Where do I get it?


Marvin Rhoads
Hall of Fame

Please refer to the Quick Start Guide for initial configuration steps.

Once you work through that, you will move to the required FireSIGHT Management Center server for licensing and policy setup. You should have ordered an FMC license and it will have the license key necessary to install the Control/Protect license. Generally you should also have a license for both FMC and feature licenses for the ASA module (IPS, URL Filtering and/or Malware).

Thanks Marvin,

I have read the guide, but when I reached the part below, I couldn't understand it.

What hostname/IP address are we talking about?

4. (Optional for 5506-X/5508-X/5516-X) Register the ASA FirePOWER module to a FireSIGHT Management Center:

configure manager add {hostname | IPv4_address | IPv6_address | DONTRESOLVE} reg_key [nat_id]
 
 
 

That "hostname / IP address" would be the FireSIGHT Management Center (FMC).

FMC is a separate server that is required to manage policies, licenses, events etc. for FirePOWER modules (except for the low-end models which have the option of running a lightweight FMC from within ASDM).

The FMC does not reside in the ASA itself?

I need a separate server (physical/VM) in order to fully utilize it, right?

How can I know that I am entitled to this FMC? Is any license required?

Mohd,

FMC runs as a separate VM (or physical appliance for larger installations). In either case it is a separate server. The entry level ASAs (5506, 5508 and 5516) do have the option of running FireSIGHT on ASDM.

Your 5515X does not have that feature.

You are entitled to it only if you bought it.

Yes - it requires a license; that is provided (normally via eDelivery) when you purchase the product. Your reseller or partner should have advised you as to it being required (per the ordering guide which is available to them) and, if you purchased it, also provided the license and instructions for downloading the image.

I got this from Cisco:

PAK numbers: ASA5515-CTRL-LIC Cisco ASA5515 Control License.

What is this for? Anything to do with FMC?

The Control license is a prerequisite zero cost license that the feature licenses (IPS, URL Filtering and Malware) build on. It provides the Application Visibility and Control information that the other licenses use as part of providing their respective functionality.

It is applied to the device or module from FMC, just as all the other licenses are.

Hi,

I have two ASA 5545 with traditional IPS. I need to buy licenses for these devices for Sourcefire and FireSIGHT, and I don't know what the difference is between these licenses:


FS-VMW-10-SW-K9

L-ASA5555-TAMC-3Y

Do I need both of the above licenses?

Where must I run these licenses? On the ASA or FireSIGHT?

Where must I run the ASA-CTRL license? On the ASA?

To download Sourcefire signatures, do I need a SmartNet account? Or do I get a SmartNet account with the "L-ASA5555-TAMC-3Y" license?

Thanks

The FS- license is for the FireSIGHT Management Center (FMC) itself.

The other one is to license the FirePOWER module on the ASA. It requires the prerequisite ASA-CTRL license.

In either case, one installs the licenses on the FMC. The ASA-specific ones are applied to the ASA from FMC once the ASA is set up as a registered device.

A licensed FMC will download and apply VDB (Sourcefire Vulnerability And Fingerprint Database Updates) updates automatically (assuming you've set it up correctly and completely and that it has Internet access). That is set up under "System > Tools > Scheduling" where you can create a task to "Install Latest Update".

Is the ASA-CTRL an activation key? Must I apply it on the ASA?

And is it possible to download the VDB and do an offline update? If yes, what kind of license do I need?

ASA-CTRL is a license. It (and all FirePOWER-related licenses) is installed via the FireSIGHT Management Center.

It is possible to download and install the VDB files. The only reason I can imagine for doing so is if your FMC is on a closed network with no Internet access. The files are available for download here and require your cisco.com userid be associated with a current support contract (or term-licensed software).

Then for 2 ASA 5545 I need exactly:

1. SSD 120G * 4

2. ASA5545-CTRL-LIC= * 2

3. L-ASA5545-TAMC-3Y * 2

4. FS-VMW-2-SW-K9 * 1

5. ASA image 9.4, ASDM 7.4 and Sourcefire_Defense_Center_Virtual64_VMware-5.4.0-763.tar.gz

 

Is it correct?

Or do I need to order anything more?

Thanks for your answers.

Assuming you have a pair of existing ASA 5545 without SSD already installed, then your items 1-4 are correct.

If you were ordering new, there is a bundle SKU in Cisco Commerce Workspace (CCW- Configuration and Ordering Tools for Cisco and their partners and resellers) that would show new ASA 5545s including the SSDs and software module pre-installed.

Item 5 is not required to be ordered per se but is software you would use. Technically, ASA 9.2(2) suffices for support of the sfr module so you can choose among the current 9.2, 9.3 and 9.4 images based on other features and caveats as documented in the release notes.

If you are indeed buying new SSDs, you will also need to download and deploy the img and pkg files for the FirePOWER modules on the ASAs to build an operating sfr module. Something like "asasfr-5500x-boot-5.4.0-763.img" and "asasfr-sys-5.4.0-764.pkg" (current releases as of this posting).

Those files can be found here

The bundle I mentioned would have that already built for you.

If I want to download VDB files and do an offline update, what part number must I order?

And will it be time-based too?

Thanks
