I'm new to the Cisco 4110. We are planning to migrate an FWSM to a 4110 with Firepower on it. My question is: do I have to install both ASA and FTD in the same 4110 box, or can FTD itself handle all the FWSM config (object groups, ACLs, NAT, etc.) and the Firepower as well?
What is the best practice(s) when you are configuring zones? Is it based on the environment functions (data, wireless, video, etc.) or is it based on interface like ASA?
I tried to look for good documentation on this but couldn't find any.
Thanks in advance.
It's a bit new in the product cycle to say there's a "best practice".
Generally I've seen zones used as a container for multiple interfaces of the same security level that it would make sense to use one zone-based policy for multiple interfaces vs. the traditional one interface = one nameif = one ACL / set of NAT rules.
In my deployment I have used the same name for interfaces and their associated security zones; of course, I have just one interface in the same security zone.
I don't see any issue with this approach; rather, it is further helpful when configuring new security policies, i.e. by seeing the security zone name we can find out which interface it is assigned to.
I have a need to use context in FTD and I'm thinking of using an ASA appliance + FTD appliance to meet my demand. Has anyone seen it work?
I cannot use only the ASA because I need an NGFW.
Yes - the current recommendation from Cisco for when you absolutely need multiple contexts is to put an ASA multiple context firewall in series with an FTD appliance.