Cisco ASA Easy Setup Manual

Cisco ASA Firepower Module
Easy Setup Guide
In this step-by-step guide:
1 Preconfiguring
2 Configuring Security Policy
3 Updating Database
4 Reporting & Monitoring
This guide provides information about basic configuration of security policies (access control policies) on the Cisco ASA Firepower module, using the Cisco Adaptive Security Device Manager (ASDM). Before proceeding, make sure that you have completed the initial configuration of the Cisco ASA with Firepower Services; for that, refer to the separate "Cisco ASA with Firepower Services Easy Setup Guide" and similar documents. Some configurations in this guide require optional licenses to be installed. In those cases, the "MEMO" or "Caution" columns specify the necessary licenses.

The Cisco ASA with Firepower Services ships with a base license for Application Visibility and Control (AVC). Optional subscriptions for Next-Generation IPS (NGIPS), Cisco Advanced Malware Protection (AMP), and URL Filtering (URL) can be added to the base configuration for advanced functionality.

AVC: Supports more than 3,000 application-layer and risk-based controls that can launch tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.
NGIPS: Provides highly effective threat prevention and full contextual awareness of users, infrastructure, applications, and content to detect multivector threats and automate defense response.
AMP: Delivers inline network protection against sophisticated malware and Cisco Threat Grid sandboxing.
URL: Adds the capability to filter more than 280 million top-level domains by risk level and more than 82 categories.

1 Preconfiguring

1-1 Before You Begin

Optional Licenses                Characters Included in SKU   NGIPS   AMP   URL
NGIPS License                    TA                           Yes     -     -
AMP License                      AMP                          -       Yes   -
URL License                      URL                          -       -     Yes
NGIPS & AMP License              TAM                          Yes     Yes   -
NGIPS & URL License              TAC                          Yes     -     Yes
NGIPS & AMP & URL License        TAMC                         Yes     Yes   Yes

1-2 Configuring Service Policy

Redirect traffic to the ASA Firepower module by creating a service policy on the ASA that identifies the specific traffic that you want to send.

1. Click [Configuration].
2. Click [Firewall].
3. Click [Service Policy Rules].
4. Click [Add Service Policy Rule] from the [Add] menu bar.
5. Click [Next].
   Use the default [Global - applies to all interfaces]. This option applies the service policy globally to all interfaces.
6. Click [Use class-default as the traffic class].
7. Click [Next].
8. Click [ASA FirePOWER Inspection].
9. Click [Enable ASA FirePOWER for this traffic flow].
10. Click [Permit traffic] or [Close traffic].
    [Permit traffic] sets the ASA to allow all traffic through, uninspected, if the module is unavailable. [Close traffic] sets the ASA to block all traffic if the module is unavailable.
11. Click [Finish].
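
The following is an added example, not part of the original guide: a small Python audit that reads an ASA running configuration and reports, for each traffic class redirected to the Firepower module, whether the redirect fails open or closed and where the policy is applied. It assumes the ASDM choices in step 10 appear in the running configuration as the ASA CLI commands `sfr fail-open` ([Permit traffic]) and `sfr fail-close` ([Close traffic]); the sample configuration and the policy name `dmz_policy` are constructed for illustration.

```python
import re

# Constructed sample of "show running-config" output (not taken from the guide).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
 class class-default
  sfr fail-open
!
policy-map dmz_policy
 class class-default
  sfr fail-close monitor-only
!
service-policy global_policy global
service-policy dmz_policy interface dmz
"""

POLICY_RE = re.compile(r"policy-map (\S+)$")          # plain L3/L4 policy maps only
SFR_RE = re.compile(r"sfr (fail-open|fail-close)( monitor-only)?$")
APPLY_RE = re.compile(r"service-policy (\S+) (global|interface \S+)$")

def audit_sfr(config):
    """Return one finding per traffic class redirected to the Firepower module."""
    redirects, applied = [], {}
    policy = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):                   # top-level command
            m = POLICY_RE.match(line)
            policy, cls = (m.group(1) if m else None), None
            m = APPLY_RE.match(line)
            if m:
                applied[m.group(1)] = m.group(2)
        elif policy and raw.startswith(" class "):    # class inside a policy map
            cls = line.split()[1]
        elif policy and cls:
            m = SFR_RE.match(line)
            if m:
                redirects.append((policy, cls, m.group(1), bool(m.group(2))))
    return [{"policy": p, "class": c, "mode": mode, "monitor_only": mon,
             "applied_to": applied.get(p, "not applied"),
             "if_module_down": "traffic passes uninspected" if mode == "fail-open"
                               else "traffic is blocked"}
            for p, c, mode, mon in redirects]

if __name__ == "__main__":
    for finding in audit_sfr(SAMPLE_CONFIG):
        print(finding)
```

A `fail-open` finding on a globally applied policy means that a module outage silently removes inspection for all interfaces, so it is worth pairing with monitoring of the module's health.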

2 Configuring Security Policy

2-1 Configuring File Policy: Blocking Malware

Create file policies to configure the system to perform malware protection and file control as part of your overall access control configuration. The file policies that you create here will be used in "2-2 Configuring Access Control Policy: Visualization".

1. Click [ASA FirePOWER Configuration].
2. Click [Policies].
3. Click [Files].
4. Click [New File Policy].
   The [New File Policy] pop-up window appears.
5. Enter a name for your new policy in the [Name] field.
6. Click [Store ASA FirePOWER Changes].