Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1201
Views
10
Helpful
7
Replies

ASA 5516-X With FirePower Services - App rate Limiting

Go to solution
kjawaid01
Level 1
Level 1

‎10-21-2016 07:51 AM - edited ‎03-12-2019 01:26 AM

Hi All

I have what seems as a basic question but I have been going round the houses on it? We have some new ASA5516-x firewalls with fire power services running the latest 6.1 images. Note these are running the independent asa and firepower images as we use the firewalls for anyconnect and nat etc. as well.

What we want to do is rate limit application throughput on some access rules for certain protocols. I know I can do this in the asa code but as that isn't really a ids sensor I want to do it in the firepower code via a rule. I have read the documentation and it talks about QoS rules, but I cannot see where these QoS rules are? Do I need to enable something first to make this happen?

Appreciate your help on this

Kamran

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
michaellperrin
Level 1
Level 1

‎10-21-2016 08:26 AM

Under Devices---> QOS

Create a new QOS policy and assign it to the device or devices you want.

Then you can add your rules from there.

View solution in original post

7 Replies 7

Go to solution
michaellperrin
Level 1
Level 1

‎10-21-2016 08:26 AM

Under Devices---> QOS

Create a new QOS policy and assign it to the device or devices you want.

Then you can add your rules from there.

Go to solution
kjawaid01
Level 1
Level 1
In response to michaellperrin

‎10-21-2016 09:19 AM

Hi

Thanks for this!

The only issue is when I got to Qos, the list of available devices is empty?

0 Helpful

Go to solution
michaellperrin
Level 1
Level 1
In response to kjawaid01

‎10-21-2016 09:20 AM

I'm not 100% sure but I think it's only supported with FTD and not ASA with Firepower Services

0 Helpful

Go to solution
djpapatan
Level 1
Level 1
In response to michaellperrin

‎11-20-2018 10:58 PM

Hello,

 

I have the same problem with my ASA5516-X with FirePOWER services. I also cannot see the device when I am trying to add a policy.

Is it supported for my device? I have also FMC 6.2.1 version.

 

Thank you in advance for the reply.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to djpapatan

‎11-21-2018 12:48 AM

As @michaellperrin mentioned, the QoS policy in FMC can only be applied to FTD devices - not ASA Firepower service modules.

 

Confirmation can be found here:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/quality_of_service__qos__for_firepower_threat_defense.html#id_16322

Go to solution
djpapatan
Level 1
Level 1
In response to Marvin Rhoads

‎11-21-2018 05:26 AM

Thank you for the reference. It helps me solve the issue.
Also the ASA5516-X with FirePOWER services use classic license, it was indicated on the note that it's not available for classic licenses.

Best Regards,
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to djpapatan

‎11-21-2018 06:00 AM

You're welcome, please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card