Home > Articles > Introduction to and Design of Cisco ASA with FirePOWER Services

Introduction to and Design of Cisco ASA with FirePOWER Services

Chapter Description

In this chapter from Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP, authors Omar Santos, Panos Kampanakis, and Aaron Woland provide an introduction to the Cisco ASA with FirePOWER Services solution. It also provides design guidance and best practices for deploying Cisco ASA with FirePOWER Services.

Firepower Threat Defense (FTD)

In Chapter 1 you learned that Firepower Threat Defense software is unified software that provides next-generation firewall services, including the following:

  • Stateful firewall capabilities

  • Static and dynamic routing

  • Next-generation intrusion prevention systems (NGIPS)

  • Application visibility and control (AVC)

  • URL filtering

  • Advanced Malware Protection (AMP)

In the Cisco ASA, you can use FTD in single context mode and in routed or transparent mode. Multiple context mode is not supported at this writing.

The following are the Cisco ASA 5500-X models that support a reimage to run the FTD software:

  • ASA 5506-X

  • ASA 5506W-X

  • ASA 5506H-X

  • ASA 5508-X

  • ASA 5512-X

  • ASA 5515-X

  • ASA 5516-X

  • ASA 5525-X

  • ASA 5545-X

  • ASA 5555-X

To reimage one of the aforementioned Cisco ASA models, you must meet the following prerequisites:

  • You must have a Cisco Smart Account. You can create one at Cisco Software Central (https://software.cisco.com).

  • You need to review the FTD software version release notes to become familiar of the supported features, as Cisco continues to add features very regularly.

  • Add at least a base FTD license to your Smart Account (for example, L-ASA5516T-BASE=).

  • You must have access to an FMC (virtual or physical).

  • You must have access to the console port of the Cisco 5500-X appliance on which FTD software will be installed, either directly from the computer being used for installing FTD software or through a terminal server.

  • It is a best practice to back up your existing configuration.

  • Understand that when you reimage and install FTD software on your Cisco ASA, all previous files and configurations saved on the ASA are lost.

  • You need to have the required minimum free space (3 GB plus the size of the boot software) available on the flash (disk0).

  • You must have an SSD in your Cisco ASA.

  • You must have access to a TFTP server to host the FTD images.

In Chapter 3, you will learn how to reimage and install the FTD software in supported Cisco ASA models.

There are currently no related articles. Please check back later.