Author Topic: Cisco ASA with FirePOWER (Read 27339 times)

amsa · « **on:** July 11, 2015, 09:28:20 AM »

Hi all,

My company is ready to deploy demo ASA with firepower, I have some questions about that,

what is the technical issues we will meet if we upgrade our ASA to FP and which the rollback steps after the end of the demo?

ASA with firepower can be support about 4000 concurrent session (integrate with Active Directory) ? & support Single sign on ?

can we management for user ?

how to URL filtering categories ?

Which feature not found in ASA with firepower and exists in WSA ? i.e, Cisco ASA with FirePOWER can replace WSA In all the functions?

please help me

thanks,

MC · « **Reply #1 on:** July 11, 2015, 05:37:14 PM »

Please keep in mind the FP and ASA are two logically separate device even though FP is physical hosted inside an ASA as a software service or hardware module. Upgrading ASA to 5500X model is the prerequisite. After that FP can be installed and you are free to whether or not redirect traffic from ASA to FP.
Please check the datasheet on the FP capacity per the model you have.
Not sure what you mean by single-sign-on. FP/Firesight relies on username-to-IP mapping provided by the SourceFire User Agent and allows you to use user or usergroup in access-control list so user does not actually need to perform additional authentication.
URL filtering by category is supported with URL license.
One main difference is FP does not function as web proxy/cache or support WCCP like WSA.

amsa · « **Reply #2 on:** July 11, 2015, 10:25:09 PM »

Thanks a lot MC,

and , you can prevent one user from different addresses in ASA FP ?

MC · « **Reply #3 on:** July 13, 2015, 05:30:33 AM »

Could you please elaborate on your question?

amsa · « **Reply #4 on:** July 15, 2015, 02:46:48 AM »

Ok
How can one ensure single logon for AD users, Situation exist where one users open multiple login session on different computer? Can we control that by Cisco ASA with FirePower ?

another question please

ASA with firepower is mandatory (stop video, social media, anonymous proxies, tunneling softwares (ex. TOR, Ultra surf, etc.)?

thanks,

MC · « **Reply #5 on:** July 15, 2015, 05:50:54 AM »

FirePower cannot enforce user to only have single session although it will be able to track all the IPs the user are coming from via Sourcefire User Agent and enforce access-control properly.
Any application filtering capability requires FirePower with Control (AVC) license.

amsa · « **Reply #6 on:** July 20, 2015, 07:48:48 AM »

thanks alot MC

Search

User Info

Author Topic: Cisco ASA with FirePOWER (Read 27339 times)

amsa

Cisco ASA with FirePOWER

MC

Re: Cisco ASA with FirePOWER

amsa

Re: Cisco ASA with FirePOWER

MC

Re: Cisco ASA with FirePOWER

amsa

Re: Cisco ASA with FirePOWER

MC

Re: Cisco ASA with FirePOWER

amsa

Re: Cisco ASA with FirePOWER

Related Topics