Oohh, it means my ASA is just a box; I cannot use it as a firewall at all. Even the security zones config needs licenses. Compared to Juniper Netscreen/SRX and Fortinet FortiGate, it's not going to help in creating security zones. Will FTD replace the current ASA image, or will it run in parallel and just increase the security capabilities of the ASA?
@Seb Rupik, thanks for the reply. Someone suggested that I follow the link below, which shows that zones can be configured on the ASA:

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.3
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html#65622

After visiting this link and going through all the config, I haven't found even these commands on my ASA 5525-X. I am really confused; what should I do now?
Hello everyone, I have a Cisco ASA 5525-X with the following images:

asa922-4-smp-k8
asdm 7.2(2)1
asasfr-5500x-boot-5.4.0

I need to deploy the firewall in a datacentre environment. For this purpose, I want to create zones/zone pairs, assign interfaces to different zones, and apply bi-directional policies to control traffic. With my past experience of Juniper Netscreen/SRX firewalls, doing all this was simple and straightforward. But I am unable to find any commands relevant to zone-based configuration in my current setup. Do I need an image upgrade or something else?
@balaji.bandi, thanks for the reply, but in my case I am unable to see any commands relevant to zones. ASA 5525-X with FirePOWER services. No commands in the CLI to configure zones. Is there any issue with the ASA image?
Thank you Balaji.Bandi for your valuable reply. A few questions in response:

1). Is it necessary to register the product? I am having trouble registering the product.
2). What about the SourceFire IPS engine? Is it sufficient to run IPS, or will this require a license?
3). What benefits would I get if I upgrade the ASA image from 5.4 to 9.6.X?

Actually my task is to deploy the firewall within the running network by replacing a Cisco 2901 router. The firewall is supposed to provide all the protection to block attacks from Outside (Internet) to Inside (Trust) and also restrict traffic between internal zones based on IPs/subnets or higher-layer ports.
Hello experts, I have recently unpacked an ASA 5525-X that was procured a few years back. I have mostly worked in Juniper-based environments and am new to Cisco firewalls. According to the officials already working in the department, the warranty of the ASA firewall has expired. I have a few basic questions:

1. Should I register the product with Cisco? Is this required to acquire licenses, or are the licenses already installed?
2. How do I check how many and which licenses are installed on the device?
3. I currently have the following images on the device:
   i). asa922-4-smp-k8
   ii). asasfr-5500x-boot-5.4.0-763.img
   What do these two images represent, and should I upgrade both of them to newer versions?
Hello experts, I have recently moved from a Juniper (JunOS/Netscreen) based firewall environment and joined a department with a Cisco setup. My task is to configure ASA 5525-X firewalls to control traffic flow between servers and also towards the Internet. In Juniper, I did this with firewall policies controlling traffic between zones, including intra-zone and inter-zone traffic restriction. Address books were used to define a single IP or multiple IPs. In Juniper, we did this as follows:

set security policies from-zone Zone-Name to-zone Zone-Name policy Policy-Name match source-address Src-Address
set security policies from-zone Zone-Name to-zone Zone-Name policy Policy-Name match destination-address Dst-Address
set security policies from-zone Zone-Name to-zone Zone-Name policy Policy-Name match application any
set security policies from-zone Zone-Name to-zone Zone-Name policy Policy-Name then permit

My question is, how do I get this done in Cisco? Defining zones? Assigning interfaces to zones? Creating address books? Creating policies with source/destination zones and source/destination address books? Identifying particular ports within policies? Action deny/permit?
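As an added illustration (not part of the original thread, and not a Cisco-supplied example), here is how the Juniper policy above maps onto the classic ASA model, which has no zones as such: each interface carries a name and security level, address books become network objects and object-groups, and the policy is an extended ACL bound to the source interface. Interface names, object names and addresses are constructed for the example.

```cisco
! Interfaces carry a name and a security level instead of a zone membership.
! Without an ACL, traffic is allowed only from a higher to a lower security level.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.2.0.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.1.1.1 255.255.255.0
!
! Address-book equivalents: a single host as a network object,
! a subnet as a network object-group, and the allowed ports as a service object-group.
object network SRV-WEB
 host 10.1.1.10
object-group network INSIDE-CLIENTS
 network-object 10.2.0.0 255.255.255.0
object-group service WEB-PORTS tcp
 port-object eq 80
 port-object eq 443
!
! Policy equivalent: permit only the defined source, destination and ports,
! then log everything else. Once an ACL is bound to an interface, anything
! not explicitly permitted is dropped (implicit deny), so the explicit deny
! exists only to log the drops.
access-list INSIDE-IN extended permit tcp object-group INSIDE-CLIENTS object SRV-WEB object-group WEB-PORTS
access-list INSIDE-IN extended deny ip any any log
!
! Bind the ACL inbound on the interface where the traffic enters,
! which is the ASA counterpart of the Juniper from-zone.
access-group INSIDE-IN in interface inside
```

Intra-interface restriction is not available this way; hosts on the same ASA interface are not filtered by the ASA unless the traffic is forced through it, which is where separate interfaces (or the FTD/FirePOWER zone model) come in.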