Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2605
Views
0
Helpful
3
Replies

Firepower appliance options for ASA+NGIPS

giovanni.augusto
Level 1
Level 1

‎07-15-2019 12:27 AM - edited ‎02-21-2020 09:18 AM

Dear All,

 

I would like to know if there is an option to purchase a Firepower appliance (2xxx, 4xxx, 9xxx) and run an ASA+NGIPS image like a 5525-X or 5555-X.

 

My understanding is that there is no such option and purchasing a Firepower appliance implies either using an ASA image or an FTD image.

 

 

Thanks you in advance.

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-15-2019 07:55 AM

There's no such option as having an ASA with Firepower service module on a Firepower appliance (either virtual, 1k, 2k, 4k or 9k series).

You can put one appliance running ASA in line with another one running FTD.

Technically you could run an ASA and FTD image on separate security modules of a Firepower 9300 (as of the latest FX-OS versions) but that would be one VERY expensive firewall rig.

The recommended solution is to just go with FTD. If there's a use case where FTD doesn't meet your requirements (for instance, clientless SSL VPN), then just put that on an ASA "off to the side" while everything else runs on FTD.

0 Helpful

giovanni.augusto
Level 1
Level 1
In response to Marvin Rhoads

‎07-15-2019 11:12 AM

Thank you Marvin,

 

Do you know of any EoL or EoS announcement for ASA? As I am reading about Cisco Defence Orchestrator I wonder if ASA option will be kept for a while longer meanwhile Cisco address issues on the Firepower platform.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to giovanni.augusto

‎07-15-2019 06:10 PM

ASA software isn't going away anytime in the current planning horizon (several years). There are millions of these appliances deployed worldwide and there are a decreasing but fair number of features not yet supported on FTD.

Of course hardware will continue to come and go as its useful lifetime expires and replacement platforms offer compelling functionality and meet the demand for increased throughput.

That said, one would be well advised to carefully consider FTD for new deployments going forward. It addresses threats more comprehensively than a traditional ASA and thus does a better job at protecting your network. It's by no means a silver bullet and should be part of a comprehensive security solution set.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card