Saturday, December 1, 2018

Cisco ASA 5506W-X FirePOWER Module Update and Licensing via ASDM

You can manage an individual or standalone Cisco ASA firewall with a FirePOWER module using ASDM if there's no IT budget to support and deploy the Firepower Management Center (FMC). You'll need to perform some basic tweaks on the FirePOWER module by applying updates and feature licenses.

You can view the current version of the ASA FirePOWER module in three ASDM locations:

1) Home > ASA FirePOWER Dashboard

2) Home > ASA FirePOWER Status

3) Configuration > ASA FirePOWER Configuration > System Information




You can apply the FirePOWER module updates under Configuration > ASA FirePOWER Configuration > Updates. There are three tabs: Product Updates, Rule Updates and Geolocation Updates.

The Product Updates are the Linux OS patches and Vulnerability Database (VDB) updates for the FirePOWER module. Under Product Updates > click Download updates (the ASDM page will load for a few minutes).


Different Product Update Types will appear after the download > click Install. Notice the Cisco Network Sensor Patch needs a Reboot (of the FirePOWER module only). You can also choose Push if you want to download the patch first (to the SSD/FirePOWER module), schedule a downtime for the FirePOWER module, then do the Install. The Install will directly download the patch, do the actual install and reboot the FirePOWER module, similar to a non-interactive mode.



The Rule Updates tab pertains to the IPS rules, specifically the Snort Rule Updates (SRU).


The Geolocation Updates tab is for the database mapping public IP addresses to different countries.


There are two license types used by Cisco FirePOWER: Smart and Classic License. Smart Licenses are used by Firepower Threat Defense (FTD) and Classic Licenses are for the ASA FirePOWER modules. Here's a good illustration of the different licensing types depending on the features that you'll need.


The Protect and Control license is included by default. You can contact the Cisco TAC Licensing team if there's no PAK folder included. Once you retrieve the PAK license (either a hard copy or e-PAK PDF), you should register it by going to the Cisco Licensing Registration Portal (LRP). There are some changes in the licensing portal and there's a short video tutorial on how to navigate the new PAK Enhanced Licensing portal.
 
Select your Virtual Account > Add New PAKs/Tokens > Enter the PAK > click OK.



Once added, highlight the specified PAK/Token > click the blue arrow > Get Licenses


Click Next


Enter the License Key (from the ASA FirePOWER module).


To retrieve the ASA FirePOWER module License Key via ASDM, go to Configuration > Licenses > Add New License.



Once the FirePOWER License key has been entered > verify the email (to send the Protect+Control license) > click Submit.


You can either directly download the License key (.lic) by clicking Download or get the zipped file in your email.


Open the license file in notepad > copy license key (text between the BEGIN and END)


Paste the license key > click Submit License.


It will display Success and Status as Valid License. Notice the PROTECT+CONTROL License never expires (perpetual).


Click Return to Licensing Page.


You can get a free 45-day Demo/Evaluation license (L-5506W-TAMC-E45D=) for IPS, URL Filter and Advanced Malware Protection (AMP). Click Get Licenses > Demo and evaluation.


Choose Security Products > Cisco ASA FirePOWER Demo License 


Choose Cisco ASA5506W-X FirePOWER demo License > click Next


Choose Smart Account and Virtual Account > click Next. Select the Product SKUs (mine's L-5506W-TAMC-E45D=) > type (or paste) License Key > Company Name and Partner Info


Click Submit. You can download the license key, open in notepad (I used Notepad++ in this case) then copy and paste in ASDM License Page.


Copy and paste the URLFilter and MALWARE individually (one at a time).




Notice the Demo URL Filter and MALWARE licenses became perpetual (never expire) after being installed.

