Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
41953
Views
45
Helpful
8
Replies

Cisco ASA with firepower services vs FTD

shubhamkulkarni39
Level 1
Level 1

‎01-05-2017 01:04 AM - edited ‎03-12-2019 01:44 AM

Hello,

Whats the difference between traditional Cisco ASA with firepower vs new Cisco Firepower threat defence. 

why customer will go for Firepower threat defence, if they already have Cisco ASA with firepower services. 

what are the benefits of FTD and additional features in FTD? 

I also would like to know, what are the key benefits of Cisco Firepower appliances (4100, 9300) and what are the limitation of Firepower Appliances?

what are the difference between FTD and Firepower appliance? 

in which scenarios they use and other use cases? 

Thanks 

13 people had this problem
Labels:
0 Helpful
8 Replies 8

Oliver Kaiser
Level 7
Level 7

‎01-05-2017 03:21 AM

FTD combines both asa and firepower code into a single image. At the moment FTD has not reached feature parity with ASA features (no remote-access vpn, no multiple-context mode, no clustering, etc.) but it will be the way forward.

One of the benefits is that you wont need to configure two seperate instances (ASA & Firepower), but have a unified security policy that is managed either with Firepower Device Manager for small to mid-range deployments (ASA 5506-X - 5525-X) or using the central management with Firepower Management Center.

The Firepower appliances (4100, 9300) are the new NGFW hardware platform that can run either ASA (without firepower services) or FTD software. They are basically the evolution of the asa hardware platform that support higher throughput.

You may want to go down the FTD road if do not require the features not yet implemented from ASA as stated above. In about two years it should be the defacto standard.

Feature Comparison (Q4, 2016):

Preview file
78 KB

Sebastian Stepponat
Level 1
Level 1
In response to Oliver Kaiser

‎02-15-2018 02:24 AM

Hi,

 

could you tell me from which document that picture is from? I am searching for a recent document, but was unable to finds something.

 

Kind Regards

Sebastian

0 Helpful

Oliver Kaiser
Level 7
Level 7
In response to Sebastian Stepponat

‎02-15-2018 05:54 AM

The image is from a presentation. I am not sure if there is a customer facing document detailing all the feature differences between ASA with Firepower Services and FTD.

As for the images content... it is still correct except for Remote Access VPN, which was added in 6.2.1 release for FPR2100 and 6.2.2 for all other platforms

Sebastian Stepponat
Level 1
Level 1
In response to Oliver Kaiser

‎02-15-2018 08:51 AM

Thanks, that was the answer I was looking for!

0 Helpful

khalid_mahmood
Level 4
Level 4
In response to Oliver Kaiser

‎01-29-2021 02:22 AM - edited ‎01-29-2021 02:23 AM

Hi Oliver, very useful is their a newer version of this comparison chart for 2020/21?  thanks

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-05-2017 04:18 AM

You've asked some very broad questions. Here are a few answers.

FTD is an integrated image which combines all of the FirePOWER Services features with many (but not all) ASA firewall services.

If a customer is already running ASA with FirePOWER services, they may want to migrate in the long term to simplify management and operations. Short term, there are few compelling reasons.

Right now there are very few FTD features that are not available with a combination of ASA and FirePOWER services. Longer term, more developement resources on the FTD side may change that equation.

The 4100 and 9300 series are a whole new hardware platform for security appliances based on the UCS hardware. They offer much higher performance for a very attractive price when compared to the ASA platforms.

FTD runs on either the new 4100 and 9300 series or the ASA appliances (except 5585-X). FirePOWER appliances run only the legacy FirePOWER image and will not run FTD image.

derscisco.com
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎06-03-2018 05:03 AM

Hi Marvin,

 

"" Firepower appliances run only the legacy FirePOWER image and will not run FTD image"

 

Can you please explain which are the firepower appliances that you are referring to here ?

 

 

@Marvin Rhoads wrote:

You've asked some very broad questions. Here are a few answers.

FTD is an integrated image which combines all of the FirePOWER Services features with many (but not all) ASA firewall services.

If a customer is already running ASA with FirePOWER services, they may want to migrate in the long term to simplify management and operations. Short term, there are few compelling reasons.

Right now there are very few FTD features that are not available with a combination of ASA and FirePOWER services. Longer term, more developement resources on the FTD side may change that equation.

The 4100 and 9300 series are a whole new hardware platform for security appliances based on the UCS hardware. They offer much higher performance for a very attractive price when compared to the ASA platforms.

FTD runs on either the new 4100 and 9300 series or the ASA appliances (except 5585-X). FirePOWER appliances run only the legacy FirePOWER image and will not run FTD image.



 to here ?

0 Helpful

gvargo
Level 1
Level 1

‎05-12-2020 08:30 AM

CIsco Firepower is garbage

 

Keep the ASA at least you can do stuff with it

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card