08-29-2017 07:18 AM - edited 02-21-2020 06:15 AM
I'm in the midst of working with a VAR to replace 5510s with 2110s and it's just been 1 caveat after another with these devices; mainly VPN. Then today, I received a Cisco software update notification for the 2110s with ASA code 9.8(2) listed. I decided to check it out, but I have more questions...
What exactly does this mean? Should I even be looking into this as an option or is FTD the answer now and in the long term? What type of feature support or lack of would I be looking at with the 9.8(2) ASA code?
TIA,
Keith
Solved! Go to Solution.
08-30-2017 07:12 AM
Yes - unfortunately when you run ASA on Firepower appliance you cannot add the Firepower service module like you can on an ASA appliance.
FCM isn't really a separate product - it's just the on-box Web UI for Firepower appliances. It's pretty easy to use and straightforward.
08-30-2017 05:24 AM
Many customers are frustrated with the caveats in FTD software. It is for that reason that Cisco decided to offer ASA on the Firepower 2100 series. It runs pretty much* like ASA software on the ASA appliance hardware - just a lot faster. Even with remote access VPN on FTD 6.2.1 of Firepower 2100 series since earlier this summer there are still caveats.
* Note all Firepower 2100, 4100 and 9300 series appliances use the Firepower Chassis Manager (FCM) for some hardware configuration and such. All the ASA features are still available - just those few are shifted onto FCM.
08-30-2017 06:01 AM
I can definitely see why people are frustrated. Why release products if they aren't ready for primetime. Yes, you may lose a few customers to your competitors in the short term but it's better than frustrating a whole heck of a lot more customers with half-baked products.
Does this mean I'd lose the ability to do IPS/AMP if I went down that road? It doesn't seem clear on that. I've not heard of the FCM... Yet another product to worry about.
Regards,
Keith
08-30-2017 07:12 AM
Yes - unfortunately when you run ASA on Firepower appliance you cannot add the Firepower service module like you can on an ASA appliance.
FCM isn't really a separate product - it's just the on-box Web UI for Firepower appliances. It's pretty easy to use and straightforward.
08-30-2017 07:27 AM
Thank you, I thought so but wasn't completely sure. This means we will not be getting our money's worth so I'll have to pass on that option.
Oh ok, I thought that was called Firepower Device Manager (FDM).
Thanks,
Keith
08-30-2017 07:37 AM
FDM is slightly different - that's the on-box manager for the ASA appliances running the FTD image.
It's a web UI as well - think FMC (stripped down quite a bit) and made to look more like a Meraki interface.
The larger Firepower appliances' sensors currently are only managed via FMC. On the smaller ASAs you can choose one or the other.
08-30-2017 08:34 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide