Cisco ASA 5506-X Configuration Manual page 346
Cli
Hide thumbs
Also See for ASA 5506-X:
- Installation manual (46 pages) ,
- Hardware installation manual (26 pages) ,
- Quick start manual (14 pages)
Advertisement
Licensing Requirements for the ASA FirePOWER Module
Compatibility with ASA Features
The ASA includes many advanced application inspection features, including HTTP inspection.
However, the ASA FirePOWER module provides more advanced HTTP inspection than the ASA
provides, as well as additional features for other applications, including monitoring and controlling
application usage.
To take full advantage of the ASA FirePOWER module features, use the following guidelines for traffic
that you send to the ASA FirePOWER module:
•
•
•
•
Licensing Requirements for the ASA FirePOWER Module
The ASA FirePOWER module and FireSIGHT Management Center require additional licenses, which
need to be installed in the module itself rather than in the context of the ASA. The ASA itself requires
no additional licenses.
See the Licensing chapter of the FireSIGHT System User Guide or the online help in FireSIGHT
Management Center for more information.
Guidelines for ASA FirePOWER
Failover Guidelines
Does not support failover directly; when the ASA fails over, any existing ASA FirePOWER flows are
transferred to the new ASA. The ASA FirePOWER module in the new ASA begins inspecting the traffic
from that point forward; old inspection states are not transferred.
You are responsible for maintaining consistent policies on the ASA FirePOWER modules in the
high-availability ASA pair (using FireSIGHT Management Center) to ensure consistent failover
behavior.
ASA Clustering Guidelines
Does not support clustering directly, but you can use these modules in a cluster. You are responsible for
maintaining consistent policies on the ASA FirePOWER modules in the cluster using FireSIGHT
Management Center. Do not use different ASA-interface-based zone definitions for devices in the
cluster.
Model Guidelines
•
Cisco ASA Series Firewall CLI Configuration Guide
16-6
Do not configure ASA inspection on HTTP traffic.
Do not configure Cloud Web Security (ScanSafe) inspection. If you configure both ASA
FirePOWER inspection and Cloud Web Security inspection for the same traffic, the ASA only
performs ASA FirePOWER inspection.
Other application inspections on the ASA are compatible with the ASA FirePOWER module,
including the default inspections.
Do not enable the Mobile User Security (MUS) server; it is not compatible with the ASA
FirePOWER module.
For ASA model software and hardware compatibility with the ASA FirePOWER module, see
ASA
Compatibility.
Chapter 16
ASA FirePOWER (SFR) Module
Cisco
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
