cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6279
Views
10
Helpful
16
Replies

FPR1000 The true ASA 5505 Replacement

robinson
Level 4
Level 4

Cisco has FINALLY heard us!  The purveyors and Champions of the Small to medium business markets, and produced the first match to the Cisco ASA5505.  First they gave us the 5506 and we were all upset about the fact that the ports were NOT switched. Well with this we can run ASA and FTD code, join it to FMC, and comming in 6.5 code we can get 650Mbps of IPS traffic throughput on this baby!  This fills a HUGE hole in the market.  I'm so happy to this this.  What are your thoughts???

 

FPR1000.jpg

The secret to succeeding at technology is to say yes you can, and to not be afraid of change. Forget the words, "That's how we always do it"
16 Replies 16

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes this new appliance appears to be very promising. The inclusion of PoE certainly addresses a lot of use cases for small offices and remote sites.

We're still waiting for full details and pricing but for now I'm (cautiously) optimistic.

Cautiously optimistic? I'm extatic, I mean it will work, but im sure it won't come in at the same price point point as the 5505 or 5506.
The secret to succeeding at technology is to say yes you can, and to not be afraid of change. Forget the words, "That's how we always do it"

Well not all features may not be available in the first release.

Pricing may make it 3x the cost of an ASA 5505 thus putting it out of reach for many small office users or home labs.

Bugs may need to be worked out.

etc.

All of those and more (like >35 years experience in the security industry) are why I temper my enthusiasm with caution.

Hmmm, you make very valid points...I'm tempered now. Lol
The secret to succeeding at technology is to say yes you can, and to not be afraid of change. Forget the words, "That's how we always do it"

Philip D'Ath
VIP Alumni
VIP Alumni

Also note when Cisco says it can run the ASA code it has a little asterisk - not supported at this time.

GlennJoseph
Level 1
Level 1

Philip, 

I know that I am posting three years after you make the comment on 6-10-2019, but is it still the case that the ASA code is not supported?  Have they address it so it is support now in 2022? 

@GlennJoseph ASA software has been supported on the FPR1000 series hardware for a couple of years now. https://software.cisco.com/download/home/286322194/type/280775065/release/9.16.3%20Interim

 

Rob,  Thank you for your timely response.  After looking at the link above, I don't think I had been descriptive enough as to what I am looking for.  I have a Cisco ASA 5505 running  Cisco Adaptive Security Appliance Software Version 8.4(2).  I am looking to copy the startup-config file into the FPR1000 appliance.  My concern is that they are not compatible or there may be deprecated commands not supported in the FPR1000.  Can I just copy the ASA 5505 startup-config file into the FPR1000 and have the appliance run without issues?

Again thank you.

 

@GlennJoseph the minimum ASA software version you can run on the FPR1000 is 9.14, there quite a big difference between 8.4 and 9.14.  There will be depreciated SSL, IKE, IPSec ciphers to start with and from 9.17 Clientless VPN is depreciated.

You can certainly copy and paste, you just may need to change VPN configurations to use more secure ciphers.

Thank you for you invaluable information. You have been a tremendous help
to me. I truly appreciate your time In giving me the information that is
nearly impossible to find.


@GlennJoseph no you cannot. You can copy most of it but there are a number of commands that don't map between the different platforms' hardware capabilities. If you look through it, many are obvious and some not so much.

You can however try it and then boot while connected to console and capturing the output. Anything you missed during a human review/edit will show up as a parsing error when the system load the configuration file.

Wow, Thank you for your insight. That makes sense as to mapping one to one.
I was told that there is a firewall to firepower migration tool:
https://www.cisco.com/c/en/us/products/security/firewalls/firepower-migratio
n-tool.html

I am currently reviewing it. But I just want to do my due diligence before
I make any move towards a migration and mess it all up.

Again, thank you for your insight. Everyone's' point of view is very
important to me.


The migration tool converts an ASA configuration to an FTD configuration for a new device managed by FMC.

It does not convert the configuration of an old ASA running on old hardware to ASA running on new hardware.

Again, thank you for your insight. This saves me hours of banging my head,
while expecting a different result each time I tried to migrate.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: