Hello /cisco,

I wanted to share some information about my experience with this migration so far, as well as pose a question or two. My 5525-X is running 9.14(4)24 and has a Firepower IPS managed by a vFMC. I really liked running ASA OS for the firewall and using an FMC to manage the IPS/IDS.

For context I have around 100 IPsec tunnels, 500 access lists, 350 network objects, 100 NAT rules, a DMZ, backup internet, and AnyConnect.

MY first difficult realization was discovering that I could not run ASA OS and have IPS services on the new 3105. I looked into using the FMT tool but that requires me to run an FTD image managed by an FMC. Transitioning from ASDM/CLI to FMC is a major shift so for anyone who hasn’t done it yet I would advise mental preparation for dramatic changes.

I'm still in the process of migration, but I have do have 1 other major frustration that has come up. With ASA-OS I was able to access real-time monitoring via ASDM or CLI. However with FMC the only 'live logs' I can find are in the Analysis -> Unified Events section.
My question for anyone that has used both - Is there a way to get 'Unified events' Live logs as verbose as ASDM? Will I be able to see IPSec negotiations and access list blocks in real time? I see filter options for 'Connection events' and 'Security-related connection events,' but I can't seem to get them to show much of anything in my testing.

Thanks in advance for any responses!