Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3369
Views
10
Helpful
1
Replies

Difference between Firepower 2140 NGFW and 2140 ASA versions?

Jim Matuska
Level 1
Level 1

‎08-21-2018 10:34 AM - edited ‎02-21-2020 08:08 AM

We currently have a couple 5500 ASA Firewalls and are considering upgrading to the Firepower 2140's so we can get MultiGigabit speed and 10 Gbit Interfaces.

 

I notice there are 2 separate models in each of the Firewpower models, one is listed as a NGFW and the other as an ASA Version.  

 

Is the ASA version like the ASA's and the NGFW version running entirely new software?  What are the advantages of each.  Would it make sense to change to the new NGFW software or for ease of migration and usability get the ASA version?  If we were to get the ASA version can it be switched to the other software in the future?  

 

What would you recommend?  

 

Jim

0 Helpful
1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

‎08-21-2018 12:26 PM

Difference is the operating system that the chassis runs. ASA means that you will have the traditional ASA software running on top of the 2100 chassis. Apart from the initial hardware setup, everything will look exactly the same as the ASA5500 firewall from management (ASDM) and day to day operation. What you will NOT get with the ASA is the Next generation Firewall features like Application Visibility and Control, IPS, Advanced Malware Protection (AMP) and URL Filtering. 

 

The NGFW version uses a new operating system called Firepower Threat Defense (FTD) that encompasses features from the traditional ASA plus the NGFW features mentioned above. This uses the Firepower Management Center (FMC) as a single point of management. If you are looking for these advanced features on the new Firewall, FTD is the way to go. The only word of caution would be that the FTD is fairly new, so there could be features that you use on the ASA that may not be supported/fully functional on the FTD. Also, there is no easy way to switch back between the 2 operating systems unless you completely re-image the hardware.

 

My suggestion would be to run your requirements by your Cisco SE/AM/partner and make sure that the FTD is capable of handling everything that you use today on the ASA. If yes, this would be the way to go forward.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card