Install The Licenses; Configure The Asa Firepower Security Policy; Configure The Asa Security Policy - Cisco ASA 5512-X Quick Start Manual

Cisco ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X Quick Start Guide

Install the Licenses

The Control and Protection licenses are provided by default and the Product Authorization Key (PAK) is included on a printout in
your box. If you ordered additional licenses, you should have PAKs for those licenses in your email.
Procedure
1. Obtain the License Key for your chassis by choosing Configuration > ASA FirePOWER Configuration > Licenses and
clicking Add New License.
The License Key is near the top; for example, 72:78:DA:6E:D9:93:35.
2. Click Get License to launch the licensing portal. Alternatively, in your browser go to
3. Enter the PAKs separated by commas in the Get New Licenses field, and click Fulfill.
4. You will be asked for the License Key and email address among other fields.
5. Copy the resulting license activation key from either the website display or from the zip file attached to the licensing email that
the system automatically delivers.
6. Return to the ASDM Configuration > ASA FirePOWER Configuration > Licenses > Add New License screen.
7. Paste the license activation key into the License box.
8. Click Verify License to ensure that you copied the text correctly, and then click Submit License after verification.
9. Click Return to License Page.

Configure the ASA FirePOWER Security Policy

Procedure
1. Choose Configuration > ASA FirePOWER Configuration to configure the ASA FirePOWER security policy.
Use the ASA FirePOWER pages in ASDM for information. You can click Help in any page, or choose Help > ASA
FirePOWER Help Topics, to learn more about how to configure policies.
See also the ASA FirePOWER module user guide.

Configure the ASA Security Policy

Procedure
1. To send traffic to the module, choose Configuration > Firewall > Service Policy Rules.
2. Choose Add > Add Service Policy Rule.
3. Choose whether to apply the policy to a particular interface or apply it globally and click Next.
4. Configure the traffic match. For example, you could match Any Traffic so that all traffic that passes your inbound access rules
is redirected to the module. Or, you could define stricter criteria based on ports, ACL (source and destination criteria), or an
existing traffic class. The other options are less useful for this policy. After you complete the traffic class definition, click Next.
5. On the Rule Actions page, click the ASA FirePOWER Inspection tab.
6. Check the Enable ASA FirePOWER for this traffic flow check box.
7. In the If ASA FirePOWER Card Fails area, click one of the following:
— Permit traffic—Sets the ASA to allow all traffic through, uninspected, if the module is unavailable.
— Close traffic—Sets the ASA to block all traffic if the module is unavailable.
Cisco ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X Quick Start Guide
7.Configure the ASA FirePOWER Module
http://www.cisco.com/go/license.
12