Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16814
Views
36
Helpful
11
Replies

Multi Context FTD

Go to solution
simon_efi_scante
Level 1
Level 1

‎07-26-2017 03:43 AM - edited ‎03-12-2019 02:44 AM

Hi,

I must configure a new FPR 4110 and I need to configure in it a multi context.

I have read that for the moment Firepower Threat Defense doesn't support Multi Context, it's only supported with ASA.

I want to use the features of NGFW with Multi Context, how can I do that?

In the next release of FTD will be supported Multi Context?

Thank you so much

9 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-26-2017 07:59 AM

FTD support for multiple context is planned for a future release but the release is not yet confirmed. I wouldn't expect it this year (2017).

There are alternatives such as security zones that may address the use case that led you to want multiple contexts. If you can share the functional requirements we may be able to suggest a way to satisfy them.

View solution in original post

11 Replies 11

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-26-2017 04:00 AM

Hi,

Until now we do not have any information on this.

If you install ASA on FPR only it can be used in the multiple context but not FTD.

Regards,

Aditya

Please rate helpful and mark correct answers

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-26-2017 07:59 AM

FTD support for multiple context is planned for a future release but the release is not yet confirmed. I wouldn't expect it this year (2017).

There are alternatives such as security zones that may address the use case that led you to want multiple contexts. If you can share the functional requirements we may be able to suggest a way to satisfy them.

Go to solution
#Mat
Level 6
Level 6
In response to Marvin Rhoads

‎11-06-2017 09:39 AM

Hi Marvin!, how can we deploy the workaround with security zones?

Thanks!

.

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to #Mat

‎02-05-2018 04:07 AM

If multiple contexts are only to separate tenants' or departments' traffic administratively and security-wise you can simply define them as separate zones and keep their traffic separate by not allowing traffic between the zones.

 

Only if you need features like support for independent distinct routing tables (potentially with overlapping address space) and delegated management without the ability to see other tenants would you need multiple contexts. In such a case, Cisco advocates putting traditional multiple context ASA "in series" with Firepower appliances to get all the features of both products.

 

Personally I believe this is a bit more complexity and cost than should be necessary to meet the functional requirements but it will work.

Go to solution
jaime.pedraza
Level 1
Level 1
In response to Marvin Rhoads

‎03-15-2018 12:06 PM

Hi Marvin, 

 

¿Have you heard any update about the multi context feature on Firepowers? 

 

Thanks!

 

James

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jaime.pedraza

‎03-16-2018 09:56 PM

There's been no update from Cisco.

 

I know they are aware that it is an in-demand feature from many customers but they have not yet made any public commitment to deliver it.

 

If it's important to your organization or your customers then I strongly suggest you make sure your Cisco account manager knows that. The more customers asking for it, the better the business case inside Cisco for making it a higher priority.

0 Helpful

Go to solution
eniola@ipconstruct.co.uk
Level 1
Level 1
In response to Marvin Rhoads

‎09-19-2018 11:37 AM

Is there any guidance on separating multiple tenants into security zones on the ASA  as you suggested . I thought the Zone based deployment model only applied to router based firewalls.

0 Helpful

Go to solution
Gus Rosa
Level 1
Level 1
In response to Marvin Rhoads

‎11-20-2017 12:29 PM - edited ‎11-20-2017 12:34 PM

 
0 Helpful

Go to solution
bernardovr
Level 1
Level 1
In response to Marvin Rhoads

‎03-19-2018 11:30 AM

Hi Marvin,

 

Is this possible now? or we must wait.

 

Thanks

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bernardovr

‎03-19-2018 08:18 PM

There's no update since I last posted 72 hours ago.

 

The feature is not available in Firepower 6.2.2.

 

Watch the release notes as new versions come out - that will be the definitive source for this information.

 

https://www.cisco.com/c/en/us/support/security/defense-center/products-release-notes-list.html

0 Helpful

Go to solution
robert.humphreys1
Level 1
Level 1
In response to Marvin Rhoads

‎12-07-2018 04:38 AM - edited ‎12-07-2018 05:03 AM

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/relnotes/firepower-release-notes-630.html

Hello,

 

Cisco have just released Firepower 6.3.0 as of Wednesday, 5th December. Multi-instance is now available.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card