User Info

Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ASA FirePower  (Read 3027 times)

Offline Ratha

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
    • View Profile
  • Certification: CCNA
ASA FirePower
« on: March 08, 2016, 07:54:45 PM »
Dear Labminute,

Currently I am using ASA with basic license and planning upgrade to FirePower with full feature license. However feel concerning with configuration on existing appliance and New appliance are different while FirePower will use with management center.

so my question are:

Will we configure everything on management center(ex:NAT,VPN,AMP,...)?
Can I backup existing configuration and restore on ASA FirePower? if can does configuration with work with firepower automatically?

Offline milin1607

  • Cisco Newbie
  • *
  • Posts: 9
  • Reputation: 2
    • View Profile
  • Certification: CCIE
Re: ASA FirePower
« Reply #1 on: March 09, 2016, 01:44:22 AM »
Hi Ratha,

Firstly I would like to highlight few basic points here.

1. For the Base Firewall configuration it would be the same (NAT,VPN,ACLs and all) means you can take backup and directly do copy pasting stuff.
2. Here, Management Center is used for only Sourcefire module configuration.

For more reference go through below link

You are not allowed to view links. Register or Login


Offline sucanushie

  • Cisco Newbie
  • *
  • Posts: 20
  • Reputation: 4
    • View Profile
  • Certification: CCNP
Re: ASA FirePower
« Reply #2 on: March 09, 2016, 10:55:23 AM »
There will be a unified image released at some point this year where you can do everything in one management console.

For now ASA config is still done via CLI or ASDM and the Firepower config as mentioned above is done via the management centre

Offline gvoden

  • Cisco Newbie
  • *
  • Posts: 23
  • Reputation: 4
    • View Profile
  • Certification: N/A
Re: ASA FirePower
« Reply #3 on: March 09, 2016, 02:22:10 PM »
I had the same questions a while back.
Basically ASA with FirePOWER is exactly what this says - ASA + FirePOWER - 2 technologies in one. I am using the ASA 5585-X with FirePOWER module - it is a chassis with 2 physical blades in it - one blade for ASA and one for FirePOWER.
The ASA blade controls everything - interfaces, routing, NAT, port channel etc.
The FirePOWER blade is like a Next Gen Firewall (Palo Alto etc) but because Sourcefire used to be a IPS it does not control things like NAT, routing or other network related functions.
The way you use the FirePOWER is to send specific traffic to it for inspection using class and policy maps on the ASA blade. It's confusing and not very user friendly but hopefully the unified platform will fix that.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 379
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
    • View Profile
  • Certification: CCIE
Re: ASA FirePower
« Reply #4 on: March 09, 2016, 11:14:56 PM »
Just like all the other replies said, ASA continues to work the same way with/without Firepower. You redirect traffic from ASA to Firepower (internally) for additional application-level type processing. There will be some overlapping in function like ACL that you can do on either ASA or FP and it will be up to you. You still manage ASA with CLI/ASDM while using Firepower Mgmt Center for FP module. Lab Minutes have an extensive video series if you are interested in learning more You are not allowed to view links. Register or Login.

Regarding what sucanushie mentioned, Cisco is releasing a unified image for ASA where ASA and FP are included in a single OS. Everything is meant to be managed from FMC GUI. Right now, the 4100 is available while other 5500X platforms will be supported later. First software release (6.0.1) will only support basic ASA functions (route/NAT/ACL) so if you have a need for advanced ASA features, you are better off staying on ASA code for a while.


Related Topics

  Subject / Started by Replies Last post
1 Replies
Last post May 15, 2015, 05:55:19 AM
by MC
2 Replies
Last post June 21, 2015, 11:29:09 AM
by misthe
6 Replies
Last post July 20, 2015, 07:48:48 AM
by amsa
1 Replies
Last post November 06, 2015, 04:57:48 PM
by MC
9 Replies
Last post August 16, 2016, 11:25:04 PM
by MC

SimplePortal 2.3.5 © 2008-2012, SimplePortal