
What is the difference between SFR and IPS module?

akash.tiwari
Level 1

Can someone tell me what is the difference between SFR and IPS module?

Muhammad Awais Khan
Cisco Employee

Hi,

In Cisco ASA, we used to have legacy IPS modules for intrusion prevention services only.

After Cisco's acquisition of Firepower, they started integrating Firepower services in ASA by adding an additional module they called the Firepower module/SFR, which offers three services:

- NGIPS
- Advanced Malware Protection
- Content/URL Filtering

Each of these features requires licenses to enable it on the ASA, in addition to the ASA with the SFR module.

Ref: https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html

In some of the ASA 5500-X, we have two types of software code available: ASA code with the additional SFR/Firepower services module, and the second one is FTD. FTD, or Firepower Threat Defense, is a unified software code having the functionality of ASA (L3/L4 Routing, NAT, Routing) + Firepower (AMP, Content Filtering, NGIPS) combined or unified.

ASA with Firepower Services/SFR is two separate engines residing in one box, while FTD is a single unified code for both types of features. Some of the ASA 5500-X appliances do support FTD code also, but release notes need to be checked for the latest version, as we have started seeing that some of the ASAs cannot support the latest software release of FTD.

Cisco now has new Firepower appliances that can run ASA code (ASA only) or FTD code. Different platforms are available depending on the size or requirements, like FTD 1000/2000/4000/9300.

Can you tell me the difference between Control and Protection License?

Hi,

Control is the license that comes free. It will allow policies for application control; the feature is called AVC, or Application Visibility and Control. Policies can allow or block applications, which can be for everyone or for specific users.

Protection is the NGIPS license that will provide protection against intrusion. Those intrusions are typically targeted against known vulnerabilities of our operating systems. Further, it will also add Security Intelligence, which will block connections if initiated from a malicious or bad-reputation source from outside.

Have a look at the link below.

https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html

@akash.tiwari let us know for any further info.

- Please rate the solution as helpful/accepted as solution if it helped you out. It will be helpful for others who are seeking answers for a similar query.
