Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
185
Views
0
Helpful
1
Replies

How to IDS and IPS in a Firepower 2100 working with an ASA Image

Go to solution
Hannibal
Level 1
Level 1

‎04-05-2024 05:14 AM

Hi dear Cisco Community Members, the best Community of Internet

Please, Let me to open this new issue which consist in how to add the functionalities of IDS/IPS in a Firepower Firewall 2100 working with an ASA Image.

We would greatly appreciate your valuable help.

We have a Firepower 2130 Cisco Firewall running with an ASA firewall image.

Right now, we need to add the IDS and IPS functionalities

As we know, in the old ASA firewalls, IDS/IPS functionalities were added through a hardware module instead of a license.

We have many doubts about how to add the IDS/IPS functionalities now knowing that we are running all the Firewall functionalities with an ASA image on a Firepower 2100 chassis.

  1. ¿What options are available to add IDS/IPS functionalities, knowing that we cannot add a hardware module as was done with the chassis of the old ASA Firewalls?
  2. ¿If the IDS/IPS functionalities are added as a license on the native FTD operating system of the Firepower 2130 Firewall, could they be configured from the ASA image commands?
  3. ¿Are there IDS/IPS licenses that can be activated from the ASA image operating within the Firepower 2100 chassis??

With my best regards, thanks in advance

Hans

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Hannibal
Level 1
Level 1

‎04-09-2024 04:39 AM

Hi Dear Community

I would like to share the conclusions of my research right now:

Definitely, Firepower running with an ASA image is not compatible with IDS/IPS. The solution would be to change the ASA IOS to the Firepower FTD and have a license for IDS/IPS.

However, if you have a Firepower running with an ASA image and with configured contexts (virtual firewall), the option of changing from the ASA image to the FTD or native image of the Firepower is not viable because the firepower running with its native image ( FTD) are not supported with virtual contexts or firewalls.

Thank you

Hanns

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Hannibal
Level 1
Level 1

‎04-09-2024 04:39 AM

Hi Dear Community

I would like to share the conclusions of my research right now:

Definitely, Firepower running with an ASA image is not compatible with IDS/IPS. The solution would be to change the ASA IOS to the Firepower FTD and have a license for IDS/IPS.

However, if you have a Firepower running with an ASA image and with configured contexts (virtual firewall), the option of changing from the ASA image to the FTD or native image of the Firepower is not viable because the firepower running with its native image ( FTD) are not supported with virtual contexts or firewalls.

Thank you

Hanns

0 Helpful
Customers Also Viewed These Support Documents