03-22-2016 03:26 AM - edited 02-21-2020 10:21 PM
Hi
Can someone from Cisco please explain what this image is? And what parts of ASA does it include? Can it do VPN/AnyConnect?
Is ASA OS getting retired?
Regards
03-07-2017 02:10 AM
Yes - we refer to them as Etherchannels. Here is the procedure:
Step 1: Select Devices > Device Management and click the edit icon for your Firepower Threat Defense device. The Interfaces tab is selected by default.
Step 2: Enable the member interfaces according to "Enable the Physical Interface and Configure Ethernet Settings".
Step 3: Click Add Interfaces > Ether Channel Interface.
For more details, please see this source:
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/interfaces_for_firepower_threat_defense.html#ID-2077-00000022
03-07-2017 03:11 AM
Hi Marvin,
Good Day!
Thanks for the feedback, but why doesn't my FTD have this menu? I am using the on-box FDM and not the FMC.
Thanks,
03-07-2017 03:39 AM
Sorry but you must have FMC to do this task. Without it, you cannot configure Etherchannel interfaces on an FTD device.
When you use Firepower Device Manager to configure the device, there are several limitations to interface configuration. If you need any of the following features, you must use Firepower Management Center to configure the device.
Routed firewall mode only is supported. You cannot configure transparent firewall mode interfaces.
IPS-only mode is not supported. You cannot configure interfaces to be inline, inline tap, passive, or ERSPAN for IPS-only processing. IPS-only mode interfaces bypass many firewall checks and only support IPS security policy. In comparison, Firewall mode interfaces subject traffic to firewall functions such as maintaining flows, tracking flow states at both IP and TCP layers, IP defragmentation, and TCP normalization. You can also optionally configure IPS functions for this firewall mode traffic according to your security policy.
You cannot configure EtherChannel or redundant interfaces.
Source: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/fdm/fptd-fdm-config-guide-620/fptd-fdm-interfaces.html
07-10-2017 05:51 AM
I like the whole FMC, managing all devices from one location, but I hope FTD can also be managed from the unit itself. There are cases where you don't need an FMC to manage the device.
07-10-2017 08:30 AM
You can use FirePOWER Device Manager (FDM) to perform simple setup and management of an FTD device on ASA hardware and FirePOWER 2100 series.
For the 4100 and 9300 series and FTDv, you need FMC.
07-10-2017 08:56 AM
Is there a comparison/matrix that showcases what is leveraged with FMC versus FDM for varying hardware?
I.e. To be more combative against Palo Alto Networks for example, from a parity perspective, it'd be nice to only run FDM with ASA w/FP. But not if you don't get parity with FDM versus what you get with FMC.
07-10-2017 09:03 AM
I've pulled my information from a combination of hands-on, Cisco Live presentations, partner community information and discussions here. I've never seen a definitive matrix comparing the two.
I always recommend FMC if there's more than one firewall. :)
10-05-2017 01:25 PM
Can we use EtherChannel as HA/Failover interface configurations? I have created EtherChannel interfaces on both my FTDsv(2110s) before adding them to HA via FMC, but during HA configuration, the EtherChannel interface does not show!!! Only physical interfaces are there...
10-05-2017 07:41 PM
You can use an Etherchannel but you would need to dedicate the entire set of physical links (i.e. no subinterfaces) as the failover interface must be dedicated. This would not be a use case that makes sense for most implementations.
10-09-2017 09:32 AM
Hi,
I have already added both my FTDs in FMC. I have configured EtherChannels on both FTDs (PortChannel1, adding interfaces 11 and 12 to it) via Device Management Center, but when I try to add/configure HA for both FTDs, I am unable to see/select the EtherChannel from the interface option; the only visible interfaces are physical interfaces. Also, one more thing: I also can't see interfaces 11 and 12, which I added to the EtherChannel configuration.
Please advise if I am missing something here.
05-11-2016 05:28 AM
As you noted, the release notes describe the features at a high level. The configuration guide further instructs how to set it up.
One note: an ASA with FTD image is not an ASA with FirePOWER. When the FTD image is used, there is a single compiled image and not the separate ASA software with FirePOWER software running in a module. There is only FTD software.
There will be an "on-box" manager (HTML 5 - no Java!) coming with 6.1 this summer.
05-11-2016 07:17 AM
Ahh yes.. you are right [@mrhoads-cco].. FTD is a different image when compared to the embedded FP image in the greater ASA OS/Software.
Out of curiosity.. what about Security Zones in FTD 6.0.1? Will they work when defined in FMC 6.0.1?
Back in FSM 5.4.1/ASA w/FP 5.4.1 they never did....
05-11-2016 04:05 PM
I haven't tried zones in my one little FTD box in the lab.
However I'd hazard a guess that functionality would be from the Sourcefire code base where zones have been in use and worked for quite some time vs. the ASA where zones are a relatively new construct.
05-12-2016 03:47 AM
I think that's correct. Tried it today.
One last question... What about LACP defined in FMC 6.# being pushed and enacted on interfaces on FTD on ASA 55##-X units? Will LACP work?
11-15-2016 12:36 AM
Hi
We have bought two 4120 boxes in order to migrate two currently installed ASA firewalls. We have tried the migration tool and we opened a case with Cisco TAC, with no luck.
Is there a way to access the FTD internal files and do the configuration from there, if anyone has faced the same issue? Or should I proceed with manually configuring the FTD, which will take a huge amount of time?
Thanks
BR,
Mohammad