Cisco ASA5525-FPWR-X K9 VPN PREMIUM+ FirePOWER services+750 AnyConnect APEX

Description

ASA5525-FPWR-K9
(ASA5525-FPWR-X)
Anyconnect APEX and PLUS  included
FirePOWER ( module included and SFR INSTALLED)
This unit has the FIREPOWER MODULE and can run SFR with no problems. Keep in mind that SFR subscription licenses are sold separately by Cisco .
Also note how IPS is enabled under show version in case you want to fall back to Cisco's Legacy IPS
ciscoasa#
Show Version
Licensed features for this platform:
Maximum Physical Interfaces
:
Unlimited
perpetual
Maximum VLANs
:
200
perpetual
Inside Hosts
:
Unlimited
perpetual
Failover
:
Active/Active
perpetual
Encryption DES
:
Enabled
perpetual
Encryption-3DES-AES
:
Enabled
perpetual
Security Contexts
:
20
perpetual
Carrier
:
Disabled
perpetual
AnyConnect Premium Peers
:
750
perpetual
AnyConnect Essentials
:
750
perpetual
Other VPN Peers
:
750
perpetual
Total VPN Peers
:
750
perpetual
AnyConnect for Mobile
:
Enabled
perpetual
AnyConnect for Cisco VPN Phone
:
Enabled
perpetual
Advanced Endpoint Assessment
:
Enabled
perpetual
Shared License
:
Enabled
perpetual
Total TLS Proxy Sessions
:
1000
prepetual
Botnet Traffic Filter
:
Enabled
perpetual
IPS Module
:
Enabled
perpetual
Cluster
:
Enabled
Perpetua
Cluster Members
:
4
perpetual
Login into Firepower
ciscoasa#
session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.
Cisco ASA5525 v6.2.2 (build 81)
firepower login:
admin  (default Cisco user name)
Password:
Admin123 (default Cisco password)
ciscoasa#
Show Flash
--#--  --length--  -----date/time------  path
97  41848832
Apr 01 2019
00:22:40
asasfr-5500x-boot-6.2.2-3.img
99  108877824
Apr 01 2019
00:24:20
asa982-20-smp-k8.bin
106
34183584
Apr 01 2019 03:20:26
asdm-7121.bin
107  45961535    Apr 01 2019 03:21:46
anyconnect-win-4.7.01076-webdeploy-k9.pkg
108  37162027    Apr 01 2019 03:22:50
anyconnect-linux64-4.7.01076-webdeploy-k9.pkg
109  53129667    Apr 01 2019 03:24:20
anyconnect-macos-4.7.01076-webdeploy-k9.pkg
Clustering Feature:
clustering feature  supported on any 9.x VERSION you run (cisco clustering was introduced in 9.x). What does this mean? it means that other units online will enable you to use clustering only if you are running 9.4 or higher versions. Once you downgrade to anything below that “cluster feature” will be disabled and clustering configuration will be lost. This could be a nightmare if you are in production and had to downgrade due to a bug or compatibility issue. Be very realistic in your judgment, are you truly going to run version 9.8 in your production? A version that was released on April 08 2019? I can understand running such code for proof of concept or others but the latest “is never your greatest” keep that in mind.
IPS Feature:
IPS feature  on all ASA code 8.x 9.X you run. Why do you need this feature enabled if you are running firepower? Very simple code compatibility as well, if you are going to downgrade to an image prior to 9.3 SFR capabilities are extremely limited…. Period. This has been mentioned on Cisco’s support under multiple documentation. On a second note if you are not using SFR and wanting to use Cisco’s regular IPS then this is an absolute must. If all my units have this feature enabled why not take advantage of it? Legacy cisco IPS is still part of CCIE security till this day. Smartnet capabilities are not impact because a feature is enabled in your device, Smartnet is coverage provided by the vEndor on HARDWARE. If you purchase a Smartnet Cisco will cover your hardware Serial number PERIOD.
We don’t sell BOXES that we don’t know understand how to
operate, we sell solutions.
The following Screenshot shows one of my 5512 units running an early code of asa912-smp-k8.bin while preserving all features (IPS/CLUSTER/AnyConnect) and thus revealing my product authenticity.