Cisco ASA or Cisco FTD

henokk60
Level 1

Hi All,

We have a Cisco 3110 secure firewall, and I'm not clear which mode to use: ASA or FTD. Since the appliance is used for remote access VPN, any suggestions, please?

Thanks

5 Replies

@henokk60 the FTD does have the NGFW features the ASA does not. As far as traditional RAVPN is concerned, they both pretty much support the same features. However, the FTD does support ZTNA for remote access, which the ASA does not.

balaji.bandi
Hall of Fame

There are pros and cons, but my takeaway is FTD, because:

ASA code is at some point in time going to reach end of life.

Some new features are not available in ASA compared to FTD.

FTD will be the future for security fixes and long-living code.

BB


If that appliance is going to be used exclusively for VPN and you don't want to apply any next-gen security features on the VPN traffic, then I would probably recommend using ASA code. However, if that appliance would become an edge device or be doing inter-VLAN routing etc., then I would recommend going for the FTD, because in that case you don't have to redeploy anything.

Arne Bier
VIP

I have been asking myself this exact same question (Firepower appliance for VPN use only) and I would also consider the user interface as a decision criterion. ASDM for ASA ... love it or hate it. Once ASDM is installed and you don't mess around too much with it, it seems to be ok. But it looks very dated. But if you know your way around the interface then this might play in your favour. A single Firepower can be managed in FDM GUI mode - much prettier (IMHO) than ASDM. However, as soon as you add more appliances, you must use FMC. And that can be a beast to install/run/operate. In that case, I would favour ASDM for the ASA for simplicity's sake. I have not used the very latest FMC, but every version since 6.x has been so slow that making a simple firewall rule change could take more than 5 minutes to apply. On an ASA it was in under a few seconds. Or if done on the ASA CLI, it was immediate. I tend to favour the new/native tech over the legacy stuff (FTD vs ASA) ... but in this case it's hard not to give the ASA a serious second look.

Marvin Rhoads
Hall of Fame

If you have any FMC-managed (or cdFMC-managed) firewalls, then I would say the FTD image is the clear choice for reasons of ease of management, if nothing else.

You will also gain the ability for geofencing your VPN in FTD 7.7 as soon as it is released - a feature that won't be on ASA code. Of course, if your VPN firewall is in a DMZ you may already be able to geofence at the perimeter firewall.

Others here have noted their take on pros and cons, all of which can help inform you regarding the best decision for your environment.
