The features you mention used to be in the content security modules and licenses on the old 5500 series.
Cisco has moved to a different model and set of offerings with the Next Generation Firewall features of the 5500-X series. Web filtering is provided by the Web Security Essentials (WSE) feature. It is licensed to run on the CX module and usually sold with the Application Visibility and Control (AVC) feature set. They are licensed annually or in multi-year subscriptions and not by number of users.
Please see the subscription license part number in the bottom half of Table 4 here.
Cisco has mostly moved the AV and anti-spam features off the firewall product line. You can get Cloud Web Security (with or without Advanced Malware Protection) which integrates via a connector with an ASA. It is described here. Anti-spam would be a feature of the Cisco Ironport Email Security Appliance (ESA).
Item #2 is a successor product with the subscription for the AVC, WSE and IPS features. It does not include the Cloud Web Security (CWS) bits I mentioned earlier (which are also mentioned on the notice).
CWS is licensed by a combination of the number of seats (= concurrent users) and term of subscription (1, 3 or 5 years). The minimum tier is 25-199 seats and one year term. The SKU for a minimum size installation would be CWS-1Y-S1, quantity 25.
Also, most customers are advised to get the 5515-X (vs. 5512-X) if they have any intention to run an HA pair.
Yes - WSE and AVC (and IPS) all use Cisco's cloud-based Security Intelligence Operations (SIO) as a source for their decision-making data (categorization of websites, application, IPS signatures, etc.)
They do not do anti-spam. That feature was not carried forward in the Next Generation Firewall (NGFW). Please refer to my earlier reply: "Anti-spam would be a feature of the Cisco Ironport Email Security Appliance (ESA)."
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :