Solved! Go to Solution.
we run several clients on ASA 5585 with FirePower module using FireSight management. I do not find it hard to configure or manage at all. We use FirePower for URL filtering, IPS as well as AMP. Once everything was up and running I mainly just send URL category change requests to Brightcloud to unblock wrongly categorized websites. On the very rare occasion I have to add new policies to accompany newly added sites. But even this is a piece of cake.
The approach is not all that much different than other vendors. Take CheckPoint for example. There you need to buy licenses for blades to be able to use URL filtering. Here the URL is already built into the firewall which is not the case with the ASA...yet. But I would not be supprised to see the firewall functionality disappear from the FirePower ASA module.
Now, ofcourse if you have the FirePower appliance then you don't need a firewall in the mix as it can also do firewalling, but if you have an ASA and want to add IPS and URL filter then you just need to buy a license for these and you are good to go.
Please remember to select a correct answer and rate helpful posts
For simple traffic redirection , please refer the following link and search for the keyword "Redirect Traffic to the SFR Module".
Rate if the post helps you.
Thanks, this makes sense. I tried to find a doc which list all the features supported by FTD image but couldn't get one. Got some random information from different websites and found out that basic feature like VPN isn't even supported
They don't mention features supported like , is policy based routing or GRE interfaces or time based access control list etc. I couldn't find a doc which says all this, do you think they have one?