
Welcome to Cisco Firewalls Community


Beginner

Can FMC manage NON Firepower ASAs?

I'm in the process of acquiring some new FTDs with FMC, but can't find a definitive answer as to whether the FMC can manage ASA configs & logging too.

The company has a large estate of 5525-Xs without FirePower & a few 5545-Xs with.

I'm trying to improve the management & getting some resistance to migrating everything to FTD.

Anyone got hands-on experience that can answer this, please?

Thanks

5 REPLIES 5
RJI Advisor

Re: Can FMC manage NON Firepower ASAs?

Hi,
No, if the ASA hardware is running ASA firmware then the FMC cannot manage it. If you run FTD software on the ASA then yes the FMC can manage it.

HTH
Hall of Fame Guru

Re: Can FMC manage NON Firepower ASAs?

You can manage configs of ASA and Firepower appliances with either ASA or FTD software using Cisco Defense Orchestrator (CDO). Logging (SAL) would be supported for FTD only.

As @RJI noted, FMC cannot manage ASA software (including logs) at all.

Beginner

Re: Can FMC manage NON Firepower ASAs?

Thanks for the replies, appreciate you confirming my fears.

Seems strange with Cisco advertising "single pane of glass" but not supporting the ASA product line with their new management engine. I guess FTD is their planned future, but not having a single management console is a real PIA compared to the other vendor products I work with.

Onwards & upwards.
Hall of Fame Guru

Re: Can FMC manage NON Firepower ASAs?

Actually Firepower Management Center isn't a new management engine. It's the latest version of the product that started as Sourcefire Defense Center back over 10 years ago.

CDO is a new management engine. It supports FTD, ASA and Meraki security appliances.

Engager

Re: Can FMC manage NON Firepower ASAs?

Hi,

There are always budget and technical/personnel resource constraints in any IT environment.

You don't have to forklift all your ASAs to FTD appliances. You can do it in phases: either buy/add an FP module on the ASA-X series or convert to FTD to manage them via FMC.

See helpful links:

http://wannabecybersecurity.blogspot.com/2018/11/cisco-asa-5506w-x-firepower-module_9.html

http://ccnpsecuritywannabe.blogspot.com/2019/07/reimaging-cisco-asa-5500-x-to-firepower.html
