Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need recommendation on ASA model for new remote office


I am in the process of re-configuring one of our corporate offices and would like some advise on the firewall piece.

Currently this office is running on a metro Ethernet connection connected to our main location (NOC).

We are getting rid of MoE and installing a faster ISP connection (Internet cable provider).

I've been researching on firewall equipment for this office to enhance security over the WAN and like the next Gen ASAs idea.

The future setup is to have the remote office connected via L2L VPN tunnel for local traffic and all the rest of www traffic out the ISP. 

This office have 20 users running Cisco phones.

If I go with the next Gen ASA 5515-X do I need to purchase a CX license? I want to make sure the new ASA can secure the inside hosts exposed to www.



Please let me know if you have any suggestions,





Hall of Fame Super Silver

The 5515-X is s solid

The 5515-X is s solid firewall for a branch office. In addition to the NGFW features represented with the CX module (AVC, WSE and optionally IPS)  you also  now have the option of choosing a FirePOWER module with the technology acquired by Cisco in last year's acquisition of SourceFire. Here's a link to the product page for that.

Either approach gives you the NGFW feature set you need to protect against current and emerging threats. Some people argue that the FirePOWER technology has a better track record than the CX-based products (even though both have the benefit of Cisco's backing).

Either approach requires you buy a license to use the module-based (CX- or SFR-) services.


CreatePlease to create content