Hello All, I have a customer who wants to stay on the ASA platform but needs to support more throughput. I thought about ASA on Firewpower. I could install the ASA software on a 2110 for 2.3 Gbps of throughput or a 2140 for 9 Gbps of throughput. I just can't find a drop of documentation that outlines the limitations of this type of design.
This is like the old school conversation of ASA Contexts, if you ran a context you had to give up a LOT of stuff. I don't want to run into that paradigm. I need to know what will I give up, if I run ASA on Firepower. I would prefer seeing some Cisco documentation if anyione has a solid document on this topic, but personal experience is super helpful too.
I know about platform vs appliance mode options, and I think appliance mode makes the most sense, again, I just need to know the limitations of ASA on Firepower.
You lose the ability to have any Firepower services (IPS, URL Filtering and AMP) on the appliance. Other than that, it looks and feels like a really fast ASA.
Alternatively migrate their ASA configuration to FTD and you get all of that capability back.
A few things aren't yet supported in the current 6.6 FTD release but that list gets smaller with every release. Notably we don't currently have clientless SSL VPN (and never will) or full support for all AnyConnect features and modules (that's coming soon).
My experience with this isn't very good. You won't get the speed you want when you redirect the traffic from ASA to FP module. The backplane speed for redirection isn't close to the number you are looking for.
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
ISE Node Terminology
Policy Administration Node
Monitoring & Troubleshooting Node
Policy Services Node
Platform Exchange Grid Node
The single plane of glass for ISE administration and configuration operatio...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...
About this Document
Cisco Secure Endpoint (formerly AMP for Endpoints) is a comprehensive Endpoint Security solution designed to function both as a stand-alone tool, and as a part of the architecture of natively integrated Cisco and 3rd par...