Solved: ASA Future

3mrivera · ‎12-12-2017

Haven't been able to get a straight answer but what is the future of IOS/CLI on the firewall appliances?

Marvin Rhoads · ‎12-12-2017

I am referring to ASA software in general - whether is is 5500 series, 5500-X series or ASA logical device on Firepower appliance.

Firepower appliances (except the 3D series rebranded from Sourcefire) run either ASA software or FTD. They all have a combination of FX-OS (chassis management and such) and logical device management aspects.

Mostly they are being positioned as platforms for FTD but ASA option is presented to make transition easier since not all features are currently available in FTD. Also they are in most cases very very fast and a much more attractive option for high speed requirements (multiple 10 Gbps or faster interfaces).

The 5585-X hardware and its underlying platform architecture is getting a bit dated and it doesn't make sense to try to keep refactoring the services SSP to keep up when the alternative of the Firepower hardware is available. That's why the 5585-X with Firepower went end of sales earlier this year.

View solution in original post

Marvin Rhoads · ‎12-12-2017

There is no single roadmap - thus no one answer.

ASA software will continue to be cli-based. There is an API in newer versions and, depending on market adoption, it may be enhanced and gain slightly in popularity.

FTD will continue to be managed by its GUIs (FDM locally or FMC remotely) and have API access. As network function virtualization and orchestration tool sets mature, the API will be increasingly ascendant (but not overtake the GUI in the near future - personal belief there).

FTD has a cli configuration under the covers but manipulating that directly is not supported (Flexconfigs are a stopgap solution for corner cases and will not continue long term.) as the configuration is also tied into the various databases in use on the manager. I doubt we will see that change.

3mrivera · ‎12-12-2017

Thanks for the prompt reply

So although CLI will continue to have a future under ASA - does that include the newer generations of ASA's?

And what of the future of ASA themselves as it looks like the FirePower appliances are being marketed as replacements say for example for my current 5585-X's ?

Marvin Rhoads · ‎12-12-2017

I am referring to ASA software in general - whether is is 5500 series, 5500-X series or ASA logical device on Firepower appliance.

Firepower appliances (except the 3D series rebranded from Sourcefire) run either ASA software or FTD. They all have a combination of FX-OS (chassis management and such) and logical device management aspects.

Mostly they are being positioned as platforms for FTD but ASA option is presented to make transition easier since not all features are currently available in FTD. Also they are in most cases very very fast and a much more attractive option for high speed requirements (multiple 10 Gbps or faster interfaces).

The 5585-X hardware and its underlying platform architecture is getting a bit dated and it doesn't make sense to try to keep refactoring the services SSP to keep up when the alternative of the Firepower hardware is available. That's why the 5585-X with Firepower went end of sales earlier this year.

3mrivera · ‎12-13-2017

Marvin - Are you with Cisco, I'm trying to have my Cisco government account manager locate you so we can talk for a bit but he can't find you in the Cisco directory

Marvin Rhoads · ‎12-13-2017

I'm not a Cisco employee.

Cisco employees participating here in the Cisco Support Community are identified as such in their profiles.