09-15-2021 06:38 PM
Hello
So I had posted a question and got a reply back to my initial question on the subject matter and wanted to bring it here for more discussion.
Initial question was;
I have a 5508-X ASA with 8 static IPs (5 usable). I wanna venture for fun into FTD and can get another 5508-X FTD for cheap. Can FTD perform the same as ASA in regards to hosting 5 static IPs and some having subnets? Some basic ACLs. PPPoE and such, or does it not work that way?
and the response was;
- when you say 8 static IPs does that mean 8 Public IPs (rather than private IPs)?
- what are these static IPs used for? In general on ASA with multiple Public IPs they are used for address translation, and especially for some static translations so that servers in the network can be accessible from the Internet. Is that what these IPs will be used for? Or do you have some other use in mind?
- I am a bit puzzled at the reference to some having subnets. How would you have subnets associated with these Public IPs?
- in general I would expect FTD to operate very similar to the way ASA does for Public IPs used for NAT.
So for more information;
- The 8 static IPs (5 usable) are a WAN public block from my ISP
- The IPs are more or less recreational but serve a purpose.
x.x.x.182 - ASA IP and uses 192.168.1.0 (PAT) for Internet Usage
x.x.x.177 - Public IP using 10.0.1.0 (PAT) for Internet Usage (could technically just use the .182 at this point)
x.x.x.179 - Public IP using 192.168.4.179 NAT to a Linux Email Server
x.x.x.180 - Public IP using 192.168.4.180 NAT to Linux Web Server
x.x.x.178/181 unused at this moment.
- When I said subnets, maybe I worded wrong? I just mean the Internal IP subnet for the 192.168.1.x and 10.0.1.x
At this moment, aside from the NAT/PAT I have set up, I really only have bare basic ACLs, and that is for incoming/outgoing for my web server and email server. I am a hands-on guy and wanted to purchase a used FTD 5508-X and learn more about the Firepower side... My question was: can I host these IPs in the same manner on the FTD with the ACLs etc., but being FTD, with more security? If yes, then the 2nd question would be, and I know "for fun" may not be realistic, but for fun, what basic (most legitimate and usable for "having fun with") service should I get? I know the FTD has several of them for security. What is realistic for home use? Mind you, I do run an email server and web server, so security is a legitimate concern.
If the answer is no, then with my scenario how could I incorporate an FTD? Would it be after the ASA for, let's say, the web and email IPs, and host through it?
I just want to expand my mind.
Thank you.
09-25-2021 01:24 PM
The approach to configuring FTD is different from standard ASA. This link might provide some helpful information.
09-26-2021 10:33 AM
Hello,
The biggest difference between ASA and FTD is indeed that FTD configuration is GUI based (which supposedly makes the entire configuration process easier, but if you are used to CLI configurations, it might take some time to get used to the GUI approach).
As for basic IP addressing and interface setup, there is no difference.