Solved: Software and Licensing confusion for asa5512-ips edition firewall

nukeiraq1 · ‎04-09-2015

Hi all, we are looking at purchasing a Cisco ASA 5512-X IPS Edition but we are having a very difficult time trying to figure out what software and licensing we need for it. Can someone please answer the following questions?

1. I see the part number for the software is ASA5512-NI1Y (at least this is what we were told), but I see that some places sell it for over 800 dollars like http://nextwarehouse.com/item/?1518620 and then some sell it for 99 cents, like http://www.pcm.com/p/Cisco-Anti-Virus-&-Security-Software-Licensing/product~dpno~9969455~pdp.ificche - how can this possibly be right? Does the 800 dollar one contain the licenses???

I cannot get a straight answer from Cisco on this, every time I call to ask about it all I get is a sales pitch to buy it from them alone and a promise that someone will call me back "with more details".

2. Is there only one software package for this? As in, if we buy ASA5512-NI1Y will every feature of the firewall be available?

Thanks all, hopefully my questions make some sense as this has been really confusing and frustrating for us.

Mike Anderson

Marvin Rhoads · ‎04-10-2015

That's the appliance, yes.

I can't speak for newegg as to if they correctly will advise you as to the license options and necessary FMC that you need to purchase.

View solution in original post

Marvin Rhoads · ‎04-09-2015

That part number is only for the IPS license of the soon-to-be-discontinued ASA 5512-X with CX module (last day of sales August 17 2015 - reference). It does not include the ASA appliance itself. That said, it is capable of running as a perimeter firewall with basic IPS functionality. No additional software is required (although a support contract on the base ASA appliance is required to add on a current IPS subscription license).

You would be better served with an ASA 5512-X with FirePOWER module. The FirePOWER technology (from the 2013 acquisition of Sourcefire) is more advanced than the signature-based technology in the CX's IPS and will be the strategic platform that is further built upon moving forward.

Any qualified Cisco partner should be able to create a valid quote for you to purchase one.

nukeiraq1 · ‎04-09-2015

Thanks for your answer, though I am still unsure of what we need to purchase. Is the "ASA 5512-X with FirePOWER module" software or hardware?

Marvin Rhoads · ‎04-09-2015

The "ASA 5512-X with FirePOWER module" is a hardware appliance with a Solid State Drive (SSD). The device is imaged with both the base ASA system software and the FirePOWER module software. Think of it as kind of a hypervisor (like VMware ESXi, KVM etc.) with only two possible guest Operating Systems. One always has to be the ASA system software. The second can be the classic IPS module, CX module, or FirePOWER module. Those first two types have had End of Sales announcements and will be discontinued moving forward.

In addition, you need to decide and purchase term-based software subscription licenses for the FirePOWER module. Options are IPS, URL Filtering, and Advanced Malware protection (AMP) or some combination of the three. They are further available in 1 or 3-year terms.

The FirePOWER module requires a separate (off-box) FireSIGHT Management Center (FMC) to create and deploy policies and collect events from the FirePOWER module. FMC can run as a VM on an ESXi server or is also available as a dedicated appliance (usually for larger installations).

nukeiraq1 · ‎04-09-2015

Is this it?

http://www.newegg.com/Product/Product.aspx?Item=9SIA25V22E2272&cm_re=asa_5512-x-_-9SIA25V22E2272-_-Product

Marvin Rhoads · ‎04-10-2015

That's the appliance, yes.

I can't speak for newegg as to if they correctly will advise you as to the license options and necessary FMC that you need to purchase.

nukeiraq1 · ‎04-10-2015

OK, thanks, we will have our China-based Cisco rep handle the software I guess as the hardware will be shipped there.

Thanks for you help!