Nov 21, 2018 Hello folks, I have a hard time getting my head around Firepower deployment on ASA5506-X, managed with ASDM. I'm trying to follow the manuals but just don't get it. Could anybody tell me the configuration needed (CLI) to match traffic that should be. May 25, 2016 ASA FirePOWER Module User Guide for the ASA5506-X, ASA5506H-X, ASA5506W-X, ASA5508-X, and ASA5516-X, Version 5.4.1. Chapter Title. Licensing the FireSIGHT System ASA FirePOWER Module. PDF - Complete Book (6.83 MB) PDF - This Chapter (492.0 KB) View with Adobe Reader on a variety of devices. The latter came to an End-of-Sale in 2014 and now the replacement low-end model is the new Cisco ASA 5506-X. One of the most popular configuration guides on this blog is this basic ASA 5505 tutorial. Since these are useful posts for many people, I’ve decided to write also a configuration tutorial for the new ASA. Nov 19, 2016 Cisco ASA FirePOWER Services Licensing. You have already learned that the Cisco ASA FirePOWER module can be managed by the Firepower Management Center or ASDM, in the case of the Cisco ASA 5506-X and 5508-X.
This chapter provides an introduction to the Cisco ASA with FirePOWER Services solution. It also provides design guidance and best practices for deploying Cisco ASA with FirePOWER Services. This chapter covers the following topics:
- Introduction to Cisco ASA FirePOWER Services
- Inline versus promiscuous mode
- Cisco ASA FirePOWER management options
- Cisco ASA FirePOWER Services sizing
- Cisco ASA FirePOWER Services licensing
- Compatibility with other Cisco ASA features
- Cisco ASA FirePOWER packet processing order of operations
- Cisco ASA FirePOWER Services and failover
- Cisco ASA FirePOWER Services and clustering
- Deployment of the Cisco ASA FirePOWER Services in the Internet edge
- Deployment of the Cisco ASA FirePOWER Services in VPN scenarios
- Deployment of the Cisco ASA FirePOWER Services in the data center
Introduction to Cisco ASA FirePOWER Services
In Chapter 1, “Fundamentals of Cisco Next-Generation Security,” you learned about the different Cisco next-generation security products and technologies. You also learned that those security technologies and processes should not focus solely on detection but should also provide the ability to mitigate the impact of an attack. Organizations must maintain visibility and control across the extended network during the full attack continuum:
- Before an attack takes place
- During an active attack
- After an attacker starts to damage systems or steal information
The Cisco ASA with FirePOWER Services and Cisco’s Advanced Malware Protection (AMP) provide a security solution that helps you discover threats and enforce and harden policies before an attack takes place. These technologies and solutions can help you detect, block, and defend against attacks that have already taken place. In Chapter 1 you also learned that the Cisco ASA family has members in many shapes and sizes, and you learned about their uses in small, medium, and large organizations.
Cisco introduced the Cisco ASA FirePOWER Services as part of the integration of the SourceFire technology. Cisco ASA FirePOWER Services provides the following key capabilities:
- Access control: This policy-based capability allows a network security administrator to define, inspect, and log the traffic that traverses a firewall. Access control policies determine how traffic is permitted or denied in a network. For instance, you can configure a default action to inspect all traffic or to block or trust all traffic without further inspection. You can also achieve a more complete access control policy with enrichment data based on security threat intelligence. Whether you configure simple or complex rules, you can control traffic based on security zones, network or geographical locations, ports, applications, requested URLs, and per user.
- Intrusion detection and prevention: Intrusion detection and prevention help you detect attempts from an attacker to gain unauthorized access to a network or a host, create performance degradation, or steal information. You define intrusion detection and prevention policies based on your access control policies. You can create and tune custom policies at a very granular level to specify how traffic is inspected in a network.
- AMP and file control: You can detect, track, capture, analyze, and optionally block the transmission of files, including malware files and nested files inside archive files in network traffic. File control also enables you to detect and block users from sending or receiving files of different specified types over a multitude of application protocols. You can configure file control as part of the overall access control policies and application inspection.
- Application programming interfaces (APIs): Cisco ASA FirePOWER Services supports several ways to interact with the system using APIs.
Cisco Asa 5506 X Setup
The Cisco ASA FirePOWER module can be a hardware module on the ASA 5585-X only or a software module that runs in a solid state drive (SSD) in all other Cisco ASA 5500-X models.