https://community.cisco.com/t5/network-security/fps-vs-ftd/m-p/3361318#M963402 <P>Is the main difference between FPS and FTD that with FTD as far as management of the ASA goes that object/ACE creation will need to be done from the FMC itself and not possible through an ASDM or CLI? Is it the goal of Cisco to eliminate IOS/CLI access?</P> <P>&nbsp;</P> <P>It has been awhile for me since I worked within firepower and FTD at that time was spoken of but not quite there yet for production deployments. What is the current status of FTD and obviously as asked above is my perceivement wrong?</P> Fri, 21 Feb 2020 15:36:13 GMT keithcclark71 2020-02-21T15:36:13Z https://community.cisco.com/t5/network-security/fps-vs-ftd/m-p/3361318#M963402 <P>Is the main difference between FPS and FTD that with FTD as far as management of the ASA goes that object/ACE creation will need to be done from the FMC itself and not possible through an ASDM or CLI? Is it the goal of Cisco to eliminate IOS/CLI access?</P> <P>&nbsp;</P> <P>It has been awhile for me since I worked within firepower and FTD at that time was spoken of but not quite there yet for production deployments. What is the current status of FTD and obviously as asked above is my perceivement wrong?</P> Fri, 21 Feb 2020 15:36:13 GMT https://community.cisco.com/t5/network-security/fps-vs-ftd/m-p/3361318#M963402 keithcclark71 2020-02-21T15:36:13Z https://community.cisco.com/t5/network-security/fps-vs-ftd/m-p/3362340#M963403 <P>It's a bit more than the management. FTD basically combines the asa and sourcefire code into one image so there is no need for a software or hardware module in the firewall. I wouldn't say it is their goal to eliminate CLI but it was an unfortunate conclusion that was reached. CLI configuration is not possible as of now (with some cli operations being the exception) and all configuration must be done from FMC or FDM UI.</P> <P>&nbsp;</P> <P>As of now I would say it is worth taking a look at, since it will be the way forward in ciscos firewall strategy. Ofc there are still some limitations that you should keep in mind:</P> <H2 id="unsupported">Unsupported</H2> <UL> <LI>Multiple-Context mode</LI> <LI>Clientless SSL VPN</LI> <LI>Configuration CLI</LI> <LI>HA (Active/Standby) for Public Cloud (AWS/Azure)</LI> <LI>ASA5585-X Platform support (not possible due to hardware architecture)</LI> <LI>Hyper-V support</LI> <LI>TLS Proxy for Encrypted Voice Inspection</LI> </UL> <H2 id="supported-with-limitations">Supported with limitations</H2> <UL> <LI>Local device manager (no feature parity between FDM and FMC)</LI> <LI>Central management via in-band data path (Staging or OOB required for remote management)</LI> <LI>AnyConnect (no feature parity with ASA)</LI> <LI>REST API (no feature parity with ASA REST API yet)</LI> <LI>SSL Acceleration (only for FPR4100 &amp; FPR9300)</LI> <LI>Clustering (only for FPR4100 &amp; FPR9300)</LI> <LI>Unified Connection Logging (FTD Connection events do not include detailed L4 information, e.g. SYN Timeout, etc.)</LI> </UL> <H2 id="supported-with-flexconfig">Supported with FlexConfig</H2> <UL> <LI>Modular Policy Framework (e.g. changing tcp timeouts, changing inspections depending on ACL)</LI> <LI>Bidirectional Forwarding Detection (BFD)</LI> <LI>Web Cache Communications Protocol (WCCP)</LI> <LI>Virtual Extensible LAN (VXLAN)</LI> <LI>Intermediate System to Intermediate System (IS-IS)</LI> <LI>Enhanced Interior Gateway Routing Protocol (EIGRP)</LI> <LI>Policy-based Routing (PBR)</LI> <LI>Equal-cost multi-path routing (ECMP)</LI> <LI>NetFlow</LI> </UL> <P>&nbsp;</P> <P>Hope that helps. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> <P>&nbsp;</P> Sun, 08 Apr 2018 09:37:15 GMT https://community.cisco.com/t5/network-security/fps-vs-ftd/m-p/3362340#M963403 Oliver Kaiser 2018-04-08T09:37:15Z