07-07-2016 09:57 AM - edited 03-12-2019 01:00 AM
07-08-2016 05:41 AM
You can use the threat defense image, so you just have one firewall to configure (check the prerequisites). Or you just allow all traffic on the ASA and redirect everything to firepower.
07-07-2016 12:30 PM
We run several clients on ASA 5585 with FirePower module using FireSight management. I do not find it hard to configure or manage at all. We use FirePower for URL filtering, IPS as well as AMP. Once everything was up and running I mainly just send URL category change requests to Brightcloud to unblock wrongly categorized websites. On the very rare occasion I have to add new policies to accompany newly added sites. But even this is a piece of cake.
The approach is not all that much different than other vendors. Take CheckPoint for example. There you need to buy licenses for blades to be able to use URL filtering. Here the URL is already built into the firewall which is not the case with the ASA...yet. But I would not be surprised to see the firewall functionality disappear from the FirePower ASA module.
Now, of course, if you have the FirePower appliance then you don't need a firewall in the mix as it can also do firewalling, but if you have an ASA and want to add IPS and URL filter then you just need to buy a license for these and you are good to go.
--
Please remember to select a correct answer and rate helpful posts
07-08-2016 05:52 AM
Hello Team,
For simple traffic redirection, please refer to the following link and search for the keyword "Redirect Traffic to the SFR Module".
http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html
Rate if the post helps you.
Regards
Jetsy
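As an added example (not part of the posts above), this is a typical ASA service-policy fragment for sending all traffic to the FirePOWER (SFR) module. The names `SFR_REDIRECT` and `SFR` are assumed labels, and `global_policy` is assumed to be the policy map already applied globally.

```cisco
! Added example; the ACL and class-map names are assumptions, not from the thread.
! Select the traffic to hand to the module (here: all IP traffic).
access-list SFR_REDIRECT extended permit ip any any

class-map SFR
 match access-list SFR_REDIRECT

! Attach the redirect to the global policy.
policy-map global_policy
 class SFR
  ! fail-open: traffic keeps flowing, uninspected, if the module is down.
  ! Use "sfr fail-close" instead to drop traffic when the module is
  ! unavailable, so nothing passes without IPS/URL/AMP inspection.
  sfr fail-open

service-policy global_policy global

! Confirm the module is up and that packets are being redirected.
show module sfr
show service-policy sfr
```

If the ASA interface ACLs permit everything, as suggested earlier in the thread, the module's access control policy becomes the only enforcement point, so the choice between `fail-open` and `fail-close` decides what happens to traffic when the module is unavailable.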
07-08-2016 01:27 PM
Thanks, this makes sense. I tried to find a doc which lists all the features supported by the FTD image but couldn't get one. Got some random information from different websites and found out that a basic feature like VPN isn't even supported.
http://www.cisco.com/c/en/us/td/docs/security/firepower/601/6011/relnotes/firepower-system-release-notes-version-6011.html
They don't mention which features are supported, like policy-based routing, GRE interfaces, time-based access control lists, etc. I couldn't find a doc which says all this, do you think they have one?
Thanks