Re: vFMC deployment pn validation

NE Team · ‎05-05-2020

I am looking for help with a sanity check with a virtual deployment. Current we have the ASA5516-FPWR-K9 and ASA5516-CTRL-LIC licenses so I think we are good on the ASA side. I was looking to purchase the pn SF-FMC-VMW-10-K9 for 4 of our physical ASA's. Should that cover our needs?

Thanks in advance,

Danny

Marvin Rhoads · ‎05-05-2020

That part number is Firepower Management Center for VMware with capability to manage 10 devices.

It won't manage the ASAs per se but rather the Firepower service modules on them.

You need to have your own ESXi server. The latest FMC release (6.6) requires 28 GB of RAM so it's a relatively heavy application.

NE Team · ‎05-05-2020

Hi Marvin, thanks I'm planning on hosting it in Azure. It's going to be really expensive for the size environment that we have.

NE Team · ‎05-05-2020

@Marvin Rhoads thanks for lending your expertise. I missed the actual feature licenses. I am looking to buy the L-ASA5516-TAMC= PN for our 5516's. We don't have the 5516's setup for firepower services currently. Would the PN ASA5516-TAMC= work for both modes if we were to convert?

Marvin Rhoads · ‎05-05-2020

That part number is OK as the top level SKU for IPS, URL Filtering and AMP for the 5516-X. There is a term license that goes along with it as well. Something like "L-ASA5516-TAMC-3Y" (or -1Y or -5Y depending on 1, 3 or 5-year term).

If you change over to run FTD then a different part number applies.

I'd recommend seriously considering FTD with CDO cloud-based management.