Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4900
Views
5
Helpful
5
Replies

Can FMC manage NON Firepower ASA's ?

Kmahow2
Level 1
Level 1

‎01-14-2020 03:52 AM

I'm in the process of acquiring some new FTD's with FMC. But can't find a definitive answer as to whether the FMC can manage ASA configs & logging too ? 

 

The company has a large estate of 5525-X without FirePower & a few 5545-X's with.

I'm trying to improve the management & getting some resistance to migrating everything to FTD.

 

Anyone got hands on experience that can answer this please ?

 

Thanks

Labels:
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎01-14-2020 04:04 AM

Hi,
No, if the ASA hardware is running ASA firmware then the FMC cannot manage it. If you run FTD software on the ASA then yes the FMC can manage it.

HTH

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-14-2020 04:40 AM

You can manage configs of ASA and Firepower appliances with either ASA or FTD software using Cisco Defense Orchestrator (CDO). Logging (SAL) would be supported for FTD only.

As @Rob Ingram noted, FMC cannot manage ASA software (including logs) at all.

0 Helpful

Kmahow2
Level 1
Level 1
In response to Marvin Rhoads

‎01-14-2020 05:23 AM

Thanks for the replies, appreciate you confirming my fears.

Seems strange with Cisco advertising "single pain of glass" but not supporting the ASA product line with their new management engine. I guess FTD is their planned future, but not having a single management console is a real PIA compared to the other vendor products I work with.

 

Onwards & upwards.

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Kmahow2

‎01-14-2020 05:45 AM

Actually Firepower Management Center isn't a new management engine. It's the latest version of the product that started as Sourcefire Defense Center back over 10 years ago.

CDO is a new management engine. It supports FTD, ASA and Meraki security appliances.

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to Kmahow2

‎01-15-2020 01:09 AM

hi,

there's always budget and technical/person resource constraint in any IT environment.

you don't have to forklift all your ASA to FTD appliance. you can do it by phases: either buy/add FP module on ASA-x series or convert to FTD to manage them via FMC.

see helpful links:

http://wannabecybersecurity.blogspot.com/2018/11/cisco-asa-5506w-x-firepower-module_9.html

http://ccnpsecuritywannabe.blogspot.com/2019/07/reimaging-cisco-asa-5500-x-to-firepower.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card